Reputation: 1191
Basic authorization command for curl
How do I set up the Basic authorization using Base64 encoded credentials?
I tried the below two commands, but of no use. Please suggest me the correct variant.
curl -i -H 'Accept:application/json' Authorization:Basic <username:password> http://example.com
curl -i -H 'Accept:application/json' Authorization:Basic.base64_encode(username:password) http://example.com
Upvotes: 96
Views: 231187
Answers (7)
Reputation: 59
I'm currently learning in HTB, to use the curl command for basic authentication, assuming that you need to give user name and password before accessing the webpage, use:
curl -u userName:userPassword 'http://ip_address:port' -H 'Authorization: Basic base64encodetext'
Upvotes: 0
Reputation: 29316
One way, provide --user flag as part of curl, as follows:
curl --user username:password http://example.com
Another way is to get Base64 encoded token of "username:password" from any online website like - https://www.base64encode.org/ and pass it as Authorization header of curl as follows:
curl -i -H 'Authorization:Basic dXNlcm5hbWU6cGFzc3dvcmQ=' http://localhost:8080/
Here, dXNlcm5hbWU6cGFzc3dvcmQ= is Base64 encoded token of username:password.
Upvotes: 27
Reputation: 16436
Background
You can use the base64 CLI tool to generate the base64 encoded version of your username + password like this:
$ echo -n "joeuser:secretpass" | base64
am9ldXNlcjpzZWNyZXRwYXNz
-or-
$ base64 <<<"joeuser:secretpass"
am9ldXNlcjpzZWNyZXRwYXNzCg==
Base64 is reversible so you can also decode it to confirm like this:
$ echo -n "joeuser:secretpass" | base64 | base64 -D
joeuser:secretpass
-or-
$ base64 <<<"joeuser:secretpass" | base64 -D
joeuser:secretpass
NOTE: username = joeuser, password = secretpass
Example #1 - using -H
You can put this together into curl like this:
$ curl -H "Authorization: Basic $(base64 <<<"joeuser:secretpass")" http://example.com
Example #2 - using -u
Most will likely agree that if you're going to bother doing this, then you might as well just use curl's -u option.
$ curl --help |grep -- "--user " -u, --user USER[:PASSWORD] Server user and password
For example:
$ curl -u someuser:secretpass http://example.com
But you can do this in a semi-safer manner if you keep your credentials in a encrypted vault service such as LastPass or Pass.
For example, here I'm using the LastPass' CLI tool, lpass, to retrieve my credentials:
$ curl -u $(lpass show --username example.com):$(lpass show --password example.com) \
http://example.com
Example #3 - using curl config
There's an even safer way to hand your credentials off to curl though. This method makes use of the -K switch.
$ curl -X GET -K \
<(cat <<<"user = \"$(lpass show --username example.com):$(lpass show --password example.com)\"") \
http://example.com
When used, your details remain hidden, since they're passed to curl via a temporary file descriptor, for example:
+ curl -skK /dev/fd/63 -XGET -H 'Content-Type: application/json' https://es-data-01a.example.com:9200/_cat/health
++ cat
+++ lpass show --username example.com
+++ lpass show --password example.com
1561075296 00:01:36 rdu-es-01 green 9 6 2171 1085 0 0 0 0 - 100.0%
NOTE: Above I'm communicating with one of our Elasticsearch nodes, inquiring about the cluster's health.
This method is dynamically creating a file with the contents user = "<username>:<password>" and giving that to curl.
HTTP Basic Authorization
The methods shown above are facilitating a feature known as Basic Authorization that's part of the HTTP standard.
When the user agent wants to send authentication credentials to the server, it may use the Authorization field.
The Authorization field is constructed as follows:
- The username and password are combined with a single colon (:). This means that the username itself cannot contain a colon.
- The resulting string is encoded into an octet sequence. The character set to use for this encoding is by default unspecified, as long as it is compatible with US-ASCII, but the server may suggest use of UTF-8 by sending the charset parameter.
- The resulting string is encoded using a variant of Base64.
- The authorization method and a space (e.g. "Basic ") is then prepended to the encoded string.
For example, if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
Source: Basic access authentication
Upvotes: 49
Reputation: 39415
Use the -H header again before the Authorization:Basic things. So it will be
curl -i \
-H 'Accept:application/json' \
-H 'Authorization:Basic BASE64_string' \
http://example.com
Here, BASE64_string = Base64 of username:password
Upvotes: 65
Reputation: 16121
How do I set up the basic authorization?
All you need to do is use -u, --user USER[:PASSWORD]. Behind the scenes curl builds the Authorization header with base64 encoded credentials for you.
Example:
curl -u username:password -i -H 'Accept:application/json' http://example.com
Upvotes: 112
Reputation: 746
It can happen for big Intranets, that you will need the base64(domain/user:password).
Upvotes: 0
Reputation: 1
curl -D- -X GET -H "Authorization: Basic ZnJlZDpmcmVk" -H "Content-Type: application/json" http://localhost:7990/rest/api/1.0/projects
--note
base46 encode =ZnJlZDpmcmVk
Upvotes: -6
Related Questions
- Using cURL with a username and password?
- how to use curl command line to access a web page with HTTP Basic Authentication
- How to use basic authorization in PHP curl
- Curl to prompt a User Name and Password
- Curl command for authorization code
- How to pass credentials to curl
- Curl authorization
- How to add authentication header to curl command to request resources?
- Equivalent http request of curl command
- How to form PHP curl request for the following command line?