What are the HTTP Authentication schemes and methods?
About
This page lists the HTTP authentication schemes and the HTTP components that they used
List
Via the Http Authorization Header:
Others:
- DPoP
- HOBA rfc 7486, Section 3
- Mutual search/rfc_search_detail.php
- Negotiate RFC4559, Section 3
- SCRAM-SHA-1 search/rfc_search_detail.php
- SCRAM-SHA-256 search/rfc_search_detail.php
- vapid
This is not an authentication but when authentication is successful, a session cookie may:
- hold the state of authentication via the session id
- hold as value the identification token encrypted.
Scheme Elements
In this authentication scheme, the following HTTP elements may play a role:
- the HTTP authorization header to hold a value
- the HTTP cookies to hold a value, for instance the session token
- or a TLS client certificates to authenticate via digital signature,
At the end of the journey, a value is used to authenticate the client (ie user, process).
Documentation / Reference
- Authentication (rfc7235), R. Fielding, J. Reschke. IETF. - Hypertext Transfer Protocol (HTTP/1.1): Authentication.