发表新帖
发表新帖

What does '--user' mean with curl

后端 未结
关注
4 1966
傲寒
傲寒 2020-12-29 19:15

I\'m working with an API and I have to send a POST request. I know how to set a header (-H) and (-d) is the body, but what is \"--user\".

If I submit this with Postm

相关标签:
4条回答
  • 北恋
    2020-12-29 19:57

    --user parameter in curl used for server authentication. So if you don't define authentication type via other parameters like --digest or --negotiate, it means USER parameter for http basic authentication, it also could be combined with :PASSWORD chunk to set a password as well. The full answer on your question depends on what kind authentication is used behind API you are sending request to, and maybe curl would not be enough for it, as it support a limited set of authentication schemes ...

    0 讨论(0)
  • 旧巷少年郎
    2020-12-29 20:08

    Specify the user name and password to use for server authentication. If you simply specify the user name, curl will prompt for a password.

    If your curl request does not have any -- user, then server that requires authentication sends back a 401 response code and an associated WWW-Authenticate: header that lists all the authentication methods that the server supports.

    < HTTP/1.1 401 
< WWW-Authenticate: Basic realm="oauth2/client"

    Then you will know the server is using Basic authentication

    You can add --basic to explicitly tell it is Basic authentication

    Please refer to HTTP authentication for more information

    0 讨论(0)
  • 臣服心动
    2020-12-29 20:12

    --user (or -u) in curl provides a basic auth to your request.

    In Postman you can achieve the same result with a choice in Authorization tab.

    --user "<client_id>:<client_secret>" becomes

    • Type: Basic Auth
    • Username: client_id
    • Password: client_secret

    0 讨论(0)
  • 没有蜡笔的小新
    2020-12-29 20:14

    Late to the party, but here goes...

    You can use curl with the -v (verbose) parameter to see the headers sent. You will then see that the information provided with --user is transformed into a header, such as:

    Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

    The text after the Basic keyword is a base64 encoded text string of the username:password combination provided with the --user parameter

    To manually generate the base64 encoded credentials on Linux, you can simply call:

    echo -n "username:password" | base64 -w0

    For windows, save the "username:password" to a file, then use certutil.exe to create a base64 encoded file:

    certutil -encode credentials.txt credentials.asc

    To test this end to end, you can remove --user username:password and substitute with --header Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l and it will still authenticate just fine.

    To do this manually without curl, you would need to base64 encode username:password combination. You would then need to set the HTTP Authorization header with the type as Basic along with the base64 encoded string.

    0 讨论(0)
 看不清?
提交回复
热议问题