;

oauth tutorial - OAuth WWW-Authenticate Response Header Field - oauth2 tutorial - oauth authentication




What is WWW-Authenticate?

oauth 2.0 - oauth - oauth2 - oauth authentication , oauth token , oauth2 flow , oauth server , oauth flow , oauth2 authentication , oauth2 server , oauth refresh token ,  oauth authorization code -  oauth implicit requests and responses - what is oauth , saml vs oauth , oauth tutorial
  • The HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource.
  • The resource server must include the HTTP "WWW-Authenticate" response header field, if the protected resource request contains an access token that is invalid or if the access token is malformed.
  • The WWW-Authenticate header is sent along with a 401 Unauthorized response.
Header type Response header
Forbidden header name no

Syntax

WWW-Authenticate: <type> realm=<realm>
click below button to copy the code. By - oauth tutorial - oauth2 tutorial - team

Directives

<type>

  • Authentication type. A common type is "Basic". IANA maintains a list of Authentication schemes.

realm=<realm>

  • A description of the protected area. If no realm is specified, clients often display a formatted hostname instead.

Examples

WWW-Authenticate: Basic
WWW-Authenticate: Basic realm="Access to the staging site"
click below button to copy the code. By - oauth tutorial - oauth2 tutorial - team

"WWW-Authenticate" header field uses the following format −

challenge               =   "OAuth" RWS token-challenge
token-challenge         =   realm
                            [CS error]
                            [CS error-uri]
                            [CS scope]
                            [CS 1#auth –param]
error                   =   "error"  "=" <"> token <">
error-desc              =   "error_description" "=" quoted-string
error-uri               =   "error_uri" = <"> URI-Reference <">
scope                   =   quoted-value / <"> quoted-value *(1*SP quoted-value) <">
    quoted-value        =   1* quoted-char
click below button to copy the code. By - oauth tutorial - oauth2 tutorial - team

where,

realm :

  • It is an attribute which specifies the scope of protection and is displayed to the users so that they know which username and password to use.
  • This attribute must appear only once.

error :

  • It is an attribute used to provide a client the specific reason why the access request was declined.

error_description :

  • It is an attribute that provides a human-readable text that can be used to help in understanding the error that occurred.

error_uri :

  • It is an attribute that provides a URI to identify a human-readable web page along with the information about the error that has occurred.

scope :

  • It is an attribute which specifies the required scope of the access token in order to access the requested resource.

Related Searches to OAuth WWW-Authenticate Response Header Field