"Basic Authentication" in Five Minutes

Captions
Hi everyone. In this video I'm going to explain what basic authentication is and how it's used in under five minutes. Let's jump into it.

First off, don't confuse this with a basic example of authentication. Basic authentication is a mechanism, or scheme, in which a client can authenticate with a web server using a username and password. When a client connects to the server, the username and password are encoded as an HTTP header.

Okay, I'll open my browser to show off a quick example so you can see what I'm talking about. I'm going to make sure I have dev tools open and I'm on the network tab as well. So if I go to an example page, https://local.example, this page will prompt me for my username and password. This is built into the browser; it is not part of the web page. I didn't write any HTML for this. The browser made a request to the server, the server responded with a 401 status code, and that triggered the browser to prompt me to enter a username and password. And when I do that, they're going to be sent to the server. All right, great.

If I look at the browser's network tab, I can see there was an Authorization header, but the value doesn't look like my username and password. It is, but it's just encoded; it's not encrypted. I'll come back to this in a minute, but first let's look at the example again from the command line. My favorite client is HTTPie, but something like curl would work here too. All right, so just like before, I'm going to make the same request to my local example, and you can see again that the server responded with a 401. The important thing to note here is that the server also set a response header, this WWW-Authenticate: Basic. This is how the browser knew to prompt me before: it sees this value and it knows to prompt me for username and password. So if I make the same request again, this time with a username and password (I'm going to add the verbose flag so you can see both the request and the response), you'll see that same Authorization: Basic header set again with that same value, and this time the server responded with 200 and a simple hello message.

Let's get back to how the username and password were actually sent over the wire. This value in the Authorization header is a base64-encoded version of my username, colon, password. This value needs to be treated as plain text, as anyone with this value can decode it. I'll recreate this value on the command line, but you can use any base64 tool you want, such as base64encode.org. So for this I'm going to use echo, and I'm going to use my username, colon, password, just "super secret", which is still a terrible password. I'm going to pipe that into base64, and I'm going to get back the same value as up here. So on the server, the server would decode this base64-encoded value. So echo -n will send this value to base64; this time we use decode, and again we'll get the value out. On the server side, the server would just split the string at the colon, and that's how it would find the username and password.

All right, so you might be wondering if basic authentication is still relevant today. The answer is always "it depends". If you're building a new web server, you probably don't need to worry about basic authentication. For legacy applications, it's important to understand how it works. If you're dumping requests to log files or using them some other way, you need to make sure you're not including the Authorization header, because again, that value is basically plain text. Another important thing to point out here is that anytime basic authentication is used, it must be done over HTTPS or TLS so the communication will be encrypted. Not all legacy, though: there are parts of the OAuth2 spec, for example, that use basic authentication, but it's limited to trusted clients, and again, those clients need to use TLS.

All right, thanks for watching. I hope you learned a bit about basic authentication. So you know the drill: let us know you like this video, give us a thumbs up, ring the bell, do a jig, and hit that subscribe button. That way we can create more content like this. Until next time.
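
Added example (not from the video and not OktaDev's code): a Python sketch of the two server-side points in the captions, decoding an Authorization: Basic value by splitting at the first colon, and keeping that value out of log output. The function names and the sample credentials are assumptions constructed for illustration.

```python
import base64
import binascii

REDACTED = "[REDACTED]"

def build_basic_header(username, password):
    """Client side: base64("username:password") behind the Basic scheme."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic_header(value):
    """Server side: return (username, password), or None if not valid Basic."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split at the FIRST colon only: a password may itself contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def redact_headers(headers):
    """Copy of a header dict that is safe to log: credentials replaced."""
    safe = {}
    for name, value in headers.items():
        if name.lower() in ("authorization", "proxy-authorization"):
            # Keep the scheme for debugging, drop the decodable token.
            safe[name] = value.strip().partition(" ")[0] + " " + REDACTED
        else:
            safe[name] = value
    return safe

if __name__ == "__main__":
    # Constructed sample request headers; not values shown in the video.
    request = {
        "Host": "local.example",
        "Authorization": build_basic_header("user", "pa:ss"),
    }
    print("parsed:", parse_basic_header(request["Authorization"]))
    print("logged:", redact_headers(request))
```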
Info
Channel: OktaDev
Views: 153,120
Keywords: security, authentication, basic auth, http
Id: rhi1eIjSbvk
Length: 5min 6sec (306 seconds)
Published: Tue Aug 10 2021