 |
| pixabay.com |
Hello Everyone, This day I would like to introduce you to the default header for authorization in HTTP.
HTTP auth scheme is a guide or standardization scheme for the authorization header in the HTTP protocol. this standard is using key Authorization in the header and followed by a value that usually filled by key or token. for example :
Authorization : <type> <key/token>
this standard is the solution of the key header for authorization that really random was provided by developers to build an authorization header for their application, in my experience, developers used to "token" for their key in the header that usually followed by the hash value. the random key makes developers using more time for writing code for getting header key and validating the value which is you could use the library and focus on writing the logic of your application.
Depend on Mozilla site, HTTP auth scheme divided by 4 types, such as :
nowadays developers using token (read: hash value) for authorization, and most of them using JWT (JSON web token). the JWT itself already recommending a lot of libraries that developers could use for supporting their authorization.
if you use JWT, you could pick one of the libraries depending on your language. the library itself is already supporting HTTP Auth Scheme, so you just need to configure the auth by yourself such as the type of algorithm and the secret key for the hash. also, the JWT is already supporting for Bearer Authorization Standard which is the newest and the most secure for authorization, until this article posted.
The standard HTTP Auth Scheme is the standard that supporting developers to makes building authorization easily and more secure, you could use the custom key but in case you need faster and more secure way, the standard is the best choice for you.
Authorization : <type> <key/token>
this standard is the solution of the key header for authorization that really random was provided by developers to build an authorization header for their application, in my experience, developers used to "token" for their key in the header that usually followed by the hash value. the random key makes developers using more time for writing code for getting header key and validating the value which is you could use the library and focus on writing the logic of your application.
Depend on Mozilla site, HTTP auth scheme divided by 4 types, such as :
- Basic (see RFC 7617, base64-encoded credentials. See below for more information.),
- Bearer (see RFC 6750, bearer tokens to access OAuth 2.0-protected resources),
- Digest (see RFC 7616, only md5 hashing is supported in Firefox, see bug 472823 for SHA encryption support),
- HOBA (see RFC 7486, Section 3, HTTP Origin-Bound Authentication, digital-signature-based),
- Mutual (see RFC 8120),
- AWS4-HMAC-SHA256 (see AWS docs).
for more information on how to use it, you could read the journal RFC above.
if you use JWT, you could pick one of the libraries depending on your language. the library itself is already supporting HTTP Auth Scheme, so you just need to configure the auth by yourself such as the type of algorithm and the secret key for the hash. also, the JWT is already supporting for Bearer Authorization Standard which is the newest and the most secure for authorization, until this article posted.
Conclusion
The standard HTTP Auth Scheme is the standard that supporting developers to makes building authorization easily and more secure, you could use the custom key but in case you need faster and more secure way, the standard is the best choice for you.