Basic HTTP and Bearer Token Authentication

Question

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I\'m still trying to figu

Answer 1

With nginx you can send both tokens like this (even though it's against the standard):

Authorization: Basic basic-token,Bearer bearer-token

This works as long as the basic token is first - nginx successfully forwards it to the application server.

And then you need to make sure your application can properly extract the Bearer from the above string.