"Basic Authentication" in Five Minutes
HTML-код
- Опубликовано: 24 авг 2024
- Learn what "Basic Authentication" is, how it's used, and what the HTTP Request looks like!
#Authentication #BasicAuth #HTTP
-------------------------------------------------------------------------------------------------------------------------
Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.
* Sign up for Okta for free at developer.okta...
* For more info visit us at developer.okta...
* Developer Blog: developer.okta...
* Sign up for our monthly newsletter! a0.to/zeroindex
* Follow us on Twitter: / oktadev
* Follow us on FB: / oktadevelopers
* Follow us on LinkedIn: / oktadev
Clear, short, great video. I appreciate these kinds of videos where you don't waste time and just give the info the title said it was about.
Good job, clear , rapid, just what i needed. thank you for your work.
Excellent content. Clearly articulated and explained. Thank you!
That is one of the most outstanding videos I have seen on this topic, what a dude,
thank you brother 👍.
Clear and to the point. 👍
HOw to create this local.example file???
It is basic indeed
Good lesson! Thank you very much!
clear and easy to understand. thank you
Thanks for putting this up.
Thank you for the video, unfortunately we have to do this in school
Thanks, please advise how we can pass basic authentication header and open a browser using java script (window.open)
nice video. one question. Can you please tell. how you created webpage for basic auth ? it will help in practicing
Nice explanation. Does Basic Authentication operate on a per-webpage basis only ? Do I need a separate mechanism to allow authenticated "sessions" so that the user will beauthenticated for any page they browse ? Thanks
It's best to NOT mix Basic Auth, and sessions. Pick one or the other if possible.
With Basic Auth your browser will remember the password and submit it on each request back to the server. With sessions your password is only sent to start the session (exchanging a long term credential, for a short term credential).
It is possible for a server to accept both, for example the server could default to returning some sort of login page (or redirect to login page) instead of returning a 401. Any API client that needs to use Basic Authentication would need to "preemptively" include the "Authorization" header on each request.
I appreciate your expertise and your reply. Many thanks
@@bdemers > With Basic Auth your browser will remember the password and submit it on each request back to the server.
Where is it stored? Cookies?
@@tsunghan_yu It's browser specifc. This is also one of the reasons that basic auth isn't a good choice for the end user.
NOTE: A server can respond with a session cookie (or other cookies), but those would not store a password.
Dunno if anyone else had this problem, but --user worked for me even though auth didn't.
didn't understood as u said..... its created in browser and not in any web page...means where?
thanks a lot : ) really useful video
Very helpful, but as someone mentioned, can we see the code for the request? What does the header look like?
When is recommended to use the basic auth? Give me examples
Thank you!
I'm oddly very interested in what your shirt says. "I find your lack of ...." Please tell me whats nexttt
The shirt says "I find your lack of security disturbing". It is alluding a quote from Star Wars. 🔒
@@OktaDev My curiosity has been satisfied. Thank YOUUU
What happens if i have multiple ":" in the username and password
Is this safe? Do commerical corporation use Apache auth basic provider module or they use some pre-webserver(before landing on webserver) or post-webserver(redirect by Apache web-server) to do authentication and Authorization?
With the basic auth being depreciated;
One of our vendors have reached out requesting that we need to make the changes in our Azure environment, to grant them office 365 exchange online api app permission. This external vendor app only applies to one of our custom domain.
My concern is I do not want to give access to all other custom domains in my organization to this external vendor app. And if I do grant the external vendor app access to the org wide, how much of our org environment will be exposed to the vendor, what kind of access will they have etc.
Is it possible to enable and grant my office 365 exchange online api permissions to an external vendor app specifically to one of my custom domains?... Just wondering also, if this can be done by specifying a security dynamic azure group and add members?
Any suggestions and how would very much appreciated.
Many thanks
Hi there. Not sure if you found a solution for this but in your Azure app registration you can define the api permissions.
The problem with basic AUTH nowadays, it that even if its inside https your ISEC team or the ISEC team of your API integrations partner will often demand more. One could produce exception documentation to prove its acceptable in accordance to sensitivity of material being transmitted if thats the case, but at this point its best to create an oauth solution rather than burning time on justification docs every time your application needs to make a new API integration.
waste of my time.