OAuth WWW-Authenticate Response Header Field
What is WWW-Authenticate?
- The HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource.
- The resource server must include the HTTP "WWW-Authenticate" response header field if the protected resource request contains an access token that is invalid or malformed.
- The WWW-Authenticate header is sent along with a 401 Unauthorized response.
| Header type | Response header |
| Forbidden header name | no |
- Authentication type. A common type is "Basic". IANA maintains a list of Authentication schemes.
- A description of the protected area. If no realm is specified, clients often display a formatted hostname instead.
"WWW-Authenticate" header field uses the following format −
- It is an attribute which specifies the scope of protection and is displayed to the users so that they know which username and password to use.
- This attribute must appear only once.
- It is an attribute used to provide a client the specific reason why the access request was declined.
- It is an attribute that provides a human-readable text that can be used to help in understanding the error that occurred.
- It is an attribute that provides a URI to identify a human-readable web page along with the information about the error that has occurred.
- It is an attribute which specifies the required scope of the access token in order to access the requested resource.
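The following added example (not part of the original tutorial) builds and parses a Bearer challenge using the attribute names RFC 6750 defines: realm, error, error_description, error_uri and scope. The function names and the strict character check applied to realm are assumptions of this example; the sample values are constructed.

```python
import re

# Printable ASCII minus '"' and '\' (RFC 6750 section 3 character sets).
_TEXT = r"[\x20\x21\x23-\x5B\x5D-\x7E]"   # space allowed
_NOSP = r"[\x21\x23-\x5B\x5D-\x7E]"       # space not allowed
_ALLOWED = {
    "realm": re.compile(_TEXT + "*"),      # assumption: stricter than HTTP requires
    "error": re.compile(_TEXT + "+"),
    "error_description": re.compile(_TEXT + "+"),
    "error_uri": re.compile(_NOSP + "+"),
    "scope": re.compile(f"{_NOSP}+(?: {_NOSP}+)*"),  # space-delimited scope tokens
}
_PAIR = re.compile(r'\s*([A-Za-z_]+)="([^"\\]*)"\s*(?:,|$)')


def build_bearer_challenge(**attrs):
    """Server side: return a WWW-Authenticate value or raise ValueError."""
    unknown = set(attrs) - set(_ALLOWED)
    if unknown:
        raise ValueError(f"unknown attributes: {sorted(unknown)}")
    parts = []
    for name in _ALLOWED:                  # fixed order, each attribute at most once
        value = attrs.get(name)
        if value is None:
            continue
        if not _ALLOWED[name].fullmatch(value):
            # Blocks CR/LF (header injection) and quotes (attribute smuggling).
            raise ValueError(f"{name} has characters not allowed in a challenge")
        parts.append(f'{name}="{value}"')
    return "Bearer " + ", ".join(parts) if parts else "Bearer"


def parse_bearer_challenge(value):
    """Client side: parse one Bearer challenge written with quoted values.
    Unquoted tokens and several challenges in one header are not handled."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    found, pos = {}, 0
    while pos < len(rest):
        m = _PAIR.match(rest, pos)
        if not m:
            raise ValueError(f"malformed attribute at offset {pos}")
        name = m.group(1).lower()
        if name in found:
            raise ValueError(f"attribute {name!r} appears more than once")
        found[name] = m.group(2)
        pos = m.end()
    return found
```

Validating values before they are written into the header matters because error_description often carries text derived from the failed request.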