kinaesthesia

Reputation: 703

HTTP token authentication

After the authentication is successful, my server sends a token ("auth=34dfea103....34df") to the client.

Is it possible (with an HTTP header) to mention to the client that if they want to access private data, they must return the token to prove they are identified?

Or - if it's not possible, can each request require a user name and password?

Upvotes: 0

Views: 1175

Answers (2)

Sly

Reputation: 2101

Maybe you are talking about HTTP-Authentication? If you are using Tomcat server, it's easy to achieve this.

See my post here about HTTP-Authentication; I give a link to French documentation for Tomcat server.

Upvotes: 1

RoryH

Reputation: 90

The standard mechanism for informing a client that they are not authorized is to return an HTTP "401 Unauthorized" response... If you are using a token for auth, I'm not sure if there is any way to specify to the client how they should authenticate. You could include this in a machine-parseable (XML/JSON) body response.

Upvotes: 0
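An added example, not part of either answer: a 401 response can carry a `WWW-Authenticate` header (RFC 7235) that names the scheme the client must use, and RFC 6750 defines the `Bearer` scheme for tokens. The sketch below assumes that scheme plus a JSON body as the second answer suggests; `check_request`, the realm name and the token table are hypothetical names chosen for illustration.

```python
import hmac
import json

# Constructed sample table: token -> user. A real server would issue a random
# token at login and store it (or its hash) server-side with an expiry.
SAMPLE_TOKENS = {"constructed-sample-token": "alice"}


def check_request(headers, tokens=SAMPLE_TOKENS):
    """Decide the response for a request to a private resource.

    `headers` is assumed to be a dict with canonical header names.
    Returns (status, response_headers, body).
    """
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    presented = presented.strip()

    if scheme.lower() == "bearer" and presented:
        for token, user in tokens.items():
            # Constant-time comparison so response timing does not reveal
            # how much of a guessed token was correct.
            if hmac.compare_digest(token.encode(), presented.encode()):
                body = json.dumps({"user": user})
                return 200, {"Content-Type": "application/json"}, body
        # A token was sent but is unknown: say so in the challenge.
        challenge = 'Bearer realm="private", error="invalid_token"'
        detail = "token not recognised; log in again"
    else:
        # No usable credentials: the challenge tells the client which scheme to use.
        challenge = 'Bearer realm="private"'
        detail = "send the token in an 'Authorization: Bearer <token>' header"

    body = json.dumps({"error": "unauthorized", "detail": detail})
    response_headers = {
        "WWW-Authenticate": challenge,
        "Content-Type": "application/json",
    }
    return 401, response_headers, body


if __name__ == "__main__":
    print(check_request({}))
    print(check_request({"Authorization": "Bearer constructed-sample-token"}))
```

Sending the token on every request this way means the user name and password only travel once, at login; the token should still only be sent over TLS.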
