WWW-Authenticate
The `WWW-Authenticate` header field is an [[HTTP Headers|HTTP header]] used in the process of HTTP authentication. It is typically sent by a web server as part of an HTTP response when the server requires authentication from the client (usually a web browser or other user agent) before it will serve a specific resource or perform a particular action.
The `WWW-Authenticate` header informs the client about the authentication method(s) the server supports and provides the information the client needs to initiate the authentication process. The client, upon receiving this header, can then respond with an appropriate authentication request.
Common authentication methods specified in the `WWW-Authenticate` header include:
- [[Basic HTTP Authentication|Basic Authentication]]: This method involves sending a base64-encoded username and password combination in the `Authorization` header of the client's subsequent request. For example:
  ```
  WWW-Authenticate: Basic realm="Example"
  ```
  The client responds with:
  ```
  Authorization: Basic base64-encoded-credentials
  ```
- [[Digest Authentication]]: This method uses a challenge-response mechanism to authenticate the client. The server sends a challenge in the `WWW-Authenticate` header and the client responds with a hash of the challenge, the password and other information. For example:
  ```
  WWW-Authenticate: Digest realm="Example", qop="auth", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
  ```
  The client responds with a hashed version of the challenge and other data in the `Authorization` header.
- [[Bearer Token Authentication]]: This method involves sending a token in the `Authorization` header, typically used for [[Knowledge Base/OAuth]] 2.0 and other token-based authentication systems. For example:
  ```
  WWW-Authenticate: Bearer realm="Example", error="invalid_token", error_description="The access token expired"
  ```
  The client responds with:
  ```
  Authorization: Bearer access-token
  ```
- [[Negotiate Authentication]]: This method is used for [[Single Sign-On (SSO)]] scenarios and allows clients to authenticate using various authentication protocols such as [[NTLM]] and [[Kerberos Authentication]]. For example:
  ```
  WWW-Authenticate: Negotiate
  ```
The `realm` parameter in the `WWW-Authenticate` header names the protected area (the authentication realm), which helps users understand why credentials are being requested.
Info
When a client receives a `WWW-Authenticate` header, it prompts the user for the necessary credentials and constructs an appropriate `Authorization` header to include in subsequent requests. The server then validates the credentials and decides whether to grant access to the requested resource.
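The exchange described above and in the method list, worked through in code as an added example (this is not code from the original page): a small parser for the `key="value"` parameters of a single `WWW-Authenticate` challenge, the client-side construction of the `Authorization` header for Basic and for Digest with `qop=auth` and the MD5 algorithm, and the server-side verification of both. The challenge string in the `__main__` block reuses the `nonce` and `opaque` values shown on this page; the username and password values are constructed for the demonstration, and `lookup_password` and `issued_nonces` are hypothetical stand-ins for a server's credential store and nonce store.

```python
import base64
import hashlib
import hmac
import re
import secrets

# One "key=value" challenge parameter: a quoted-string or a bare token.
_PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenge(header_value):
    """Split one WWW-Authenticate (or Authorization) value into (scheme, params).
    Parameter names are lower-cased; a scheme with no parameters (e.g. Negotiate)
    yields an empty dict. Only a single challenge per header is handled here."""
    scheme, _, rest = header_value.strip().partition(" ")
    params = {}
    for m in _PARAM_RE.finditer(rest):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        params[key.lower()] = quoted.replace('\\"', '"') if quoted is not None else bare
    return scheme, params


# ---- Basic (RFC 7617) -------------------------------------------------------

def basic_authorization(username, password):
    """Client side: the Authorization value sent after a Basic challenge."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def verify_basic(authorization, lookup_password):
    """Server side: decode the token and compare the password in constant time.
    lookup_password(username) is a hypothetical credential store returning None
    for unknown users."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme != "Basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    username, sep, password = decoded.partition(":")
    expected = lookup_password(username) if sep else None
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))


# ---- Digest, qop="auth", MD5 algorithm (RFC 2617 / RFC 7616) ----------------

def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, nonce, method, uri, nc, cnonce, qop="auth"):
    """The response= value: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")   # HA1 = MD5(user:realm:pass)
    ha2 = _md5_hex(f"{method}:{uri}")                   # HA2 = MD5(method:uri)
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_authorization(username, password, challenge, method, uri, cnonce=None, nc="00000001"):
    """Client side: answer a parsed Digest challenge for one request."""
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(username, password, challenge["realm"], challenge["nonce"],
                           method, uri, nc, cnonce)
    fields = [f'username="{username}"', f'realm="{challenge["realm"]}"',
              f'nonce="{challenge["nonce"]}"', f'uri="{uri}"', "qop=auth",
              f"nc={nc}", f'cnonce="{cnonce}"', f'response="{resp}"']
    if "opaque" in challenge:                 # opaque is echoed back unchanged
        fields.append(f'opaque="{challenge["opaque"]}"')
    return "Digest " + ", ".join(fields)


def verify_digest(authorization, method, lookup_password, issued_nonces):
    """Server side: recompute the response and compare in constant time.
    issued_nonces stands in for the server's nonce store; a nonce the server
    never issued must be rejected, otherwise a captured header can be replayed."""
    scheme, p = parse_challenge(authorization)
    if scheme != "Digest":
        return False
    required = ("username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response")
    if any(k not in p for k in required) or p["qop"] != "auth":
        return False
    if p["nonce"] not in issued_nonces:
        return False
    password = lookup_password(p["username"])
    if password is None:
        return False
    expected = digest_response(p["username"], password, p["realm"], p["nonce"],
                               method, p["uri"], p["nc"], p["cnonce"])
    return hmac.compare_digest(expected.encode("ascii"), p["response"].encode("utf-8"))


if __name__ == "__main__":
    # Constructed challenge; nonce/opaque are the values shown on this page.
    challenge = ('Digest realm="Example", qop="auth", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
    scheme, params = parse_challenge(challenge)
    auth = digest_authorization("alice", "s3cret", params, "GET", "/protected")
    ok = verify_digest(auth, "GET", lambda u: "s3cret" if u == "alice" else None,
                       issued_nonces={params["nonce"]})
    print(f"{scheme} challenge -> {auth}\nserver accepted: {ok}")
```

The server-side functions use `hmac.compare_digest` rather than `==` so that verification time does not depend on how many leading characters of a guess are correct, and `verify_digest` binds the response to the request method, which is why the same `Authorization` value verifies for `GET` but not for `POST`.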