What are the HTTP Authentication schemes and methods?

About

This page lists the HTTP authentication schemes and the HTTP components that they used

List

¹⁾

Via the Http Authorization Header:

• Basic
• Bearer
• Digest

Others:

• DPoP
• HOBA rfc 7486, Section 3
• Mutual search/rfc_search_detail.php
• Negotiate RFC4559, Section 3
• OAuth, OpenId
• SCRAM-SHA-1 search/rfc_search_detail.php
• SCRAM-SHA-256 search/rfc_search_detail.php
• vapid

This is not an authentication but when authentication is successful, a session cookie may:

• hold the state of authentication via the session id
• hold as value the identification token encrypted.

Scheme Elements

In this authentication scheme, the following HTTP elements may play a role:

• the HTTP authorization header to hold a value
• the HTTP cookies to hold a value, for instance the session token
• or a TLS client certificates to authenticate via digital signature,

At the end of the journey, a value is used to authenticate the client (ie user, process).

Documentation / Reference

• Authentication (rfc7235), R. Fielding, J. Reschke. IETF. - Hypertext Transfer Protocol (HTTP/1.1): Authentication.
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication