WWWAuthenticate - Infinite Lexicon - Infinite Lexicon

WWWAuthenticate

The WWW-Authenticate HTTP response header is used by a server to indicate that the requested resource requires authentication and to specify the authentication scheme(s) that should be used. It is sent with a 401 Unauthorized response (and, for some proxies, with a 407 Proxy Authentication Required) and is defined in HTTP/1.1 specifications. The header provides the challenges that the client must satisfy before access is granted.

Syntax: The header carries one or more challenges, each consisting of a scheme name and parameters. A

Common schemes include Basic, Digest, and Bearer (used with OAuth 2.0). Bearer may include error fields such

History and standards: The Basic and Digest schemes were specified in RFC 2617 and later updated by

Security considerations: Use TLS to protect credentials in transit, and avoid exposing sensitive information in logs

WWW-Authenticate:

realm="Example".

authentication:

WWW-Authenticate:

realm="Example",

A

a

…

…).

error_description

Proxy-Authenticate

a

a

a

a