Web API Authentication Basic vs Bearer

basic-authentication jwt bearer-token
SharmaPattar picture SharmaPattar · Dec 1, 2015 · Viewed 41.6k times · Source

I have created JWT based Authentication in my Web API application. I am not able to figure out the difference between

  1. Basic Token
  2. Bearer Token

Can someone please help me?

Answer

Florent Morselli picture Florent Morselli · Dec 1, 2015

The Basic and Digest authentication schemes are dedicated to the authentication using a username and a secret (see RFC7616 and RFC7617).

The Bearer authentication scheme is dedicated to the authentication using a token and is described by the RFC6750. Even if this scheme comes from an OAuth2 specification, you can still use it in any other context where tokens are exchange between a client and a server.

Concerning the JWT authentication and as it is a token, the best choice is the Bearer authentication scheme. Nevertheless, nothing prevent you from using a custom scheme that could fit on your requirements.

Related questions

Does securing a REST application with a JWT and Basic authentication make sense?

I have a Spring REST application which at first was secured with Basic authentication. Then I added a login controller that creates a JWT JSON Web Token which is used in subsequent requests. Could I move the following code out …

Read More
How do I make a request using HTTP basic authentication with PHP curl?

I'm building a REST web service client in PHP and at the moment I'm using curl to make requests to the service. How do I use curl to make authenticated (http basic) requests? Do I have to add the headers …

Read More
HTTP Basic Authentication - what's the expected web browser experience?

When a server allows access via Basic HTTP Authentication, what is the experience expected to be in a web browser? Ignoring the web browser for a moment, here's how to create a Basic Auth request with curl: curl -u myusername:…

Read More