基本HTTP和承载令牌认证 [英] Basic HTTP and Bearer Token Authentication

查看:514
本文介绍了基本HTTP和承载令牌认证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我目前正在开发一个REST-API,它是为开发环境保护的HTTP-Basic。由于真正的身份验证是通过令牌完成的,我仍然在尝试弄清楚如何发送两个授权头。

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I'm still trying to figure out, how to send two authorization headers.

我试过这个:

curl -i http://dev.myapp.com/api/users \
  -H "Authorization: Basic Ym9zY236Ym9zY28=" \
  -H "Authorization: Bearer mytoken123"

对我的IP的HTTP验证,但由于我通常在与动态IP的不同环境工作,这不是一个好的解决方案。

I could for example disable the HTTP-Authentication for my IP but as I usually work in different environments with dynamic IPs, this is not a good solution. So am I missing something?

推荐答案

尝试这个方法在url上推送基本认证:

Try this one to push basic authentication at url:

curl -i http://username:password@dev.myapp.com/api/users -H "Authorization: Bearer mytoken123"
               ^^^^^^^^^^^^^^^^^^

如果上方不工作,那么你跟它没有关系。因此,请尝试以下替代方法。

If above one doesn't work, then you have nothing to do with it. So try the following alternates.

您可以使用另一个名称传递令牌。因为您正在处理来自您的应用程序的授权。因此,您可以轻松地将此灵活性用于此特殊用途。

You can pass the token under another name. Because you are handling the authorization from your Application. So you can easily use this flexibility for this special purpose.

curl -i http://dev.myapp.com/api/users \
  -H "Authorization: Basic Ym9zY236Ym9zY28=" \
  -H "Application-Authorization: mytoken123"

请注意,我已将头更改为应用程序授权。因此,从您的应用程序中捕获该标题下的令牌并处理您需要做的事情。

Notice I have changed the header into Application-Authorization. So from your application catch the token under that header and process what you need to do.

您可以做的另一件事是传递 通过 POST 参数并从服务器端获取参数的值。例如,使用curl post参数传递令牌:

Another thing you can do is, to pass the token through the POST parameters and grab the parameter's value from the Server side. For example passing token with curl post parameter:

-d "auth-token=mytoken123"

这篇关于基本HTTP和承载令牌认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆