cUrls's option “-u”

Question

From cUrl docs:

-u, --user 

Specify the user name, password and optional login options to use for server authentication. Overri         


        

Answer 1

In PHP/nginx, it's available in this array element as a base64 encoded string. It works both on GET and POST (curl -X POST ) methods.

$_SERVER['HTTP_AUTHORIZATION']

Request:

curl http://127.0.0.1:8080/test.php  -u arun:12345

value in $_SERVER['HTTP_AUTHORIZATION']:

Basic YXJ1bjoxMjM0NQ==

Answer 2

There is an easier way to do. Do it this way

curl "http://user:pass@www.example.com"

Answer 3

It all depends on the authentication method but for the most common ones - Basic Auth and Digest Auth, this works with ad hoc HTTP headers. Here's an example with Basic Auth:

curl -u john:pwd http://foo.com/misc

This performs a GET request with the corresponding header:

GET /misc HTTP/1.1
Authorization: Basic am9objpwd2Q=
User-Agent: curl/7.33.0
Host: foo.com
Accept: */*

The Authorization header contains the authentication data the server is supposed to parse, base64 decode[1] and use. The same header would be set with a POST request. You can easily test it out with a service like httpbin(1) (see /basic-auth/:user/:passwd endpoint).

Digest auth is a bit more complex but works with HTTP headers too:

• the client first send its request, the server replies with a 401 Unauthorized including a WWW-Authenticate header with a challenge to solve,
• the client solves the challenge and send another request with the response included into a Authorization header which has to be parsed and validated on the server-side.

[1]: base64("john:pwd") -> am9objpwd2Q=