Authentication
An application considers a user authenticated when their identity has been successfully validated against a trusted store. Such a trusted store can be either a specially maintained database that stores the application's credentials (basic authentication), or a third-party service that checks a given identity against its own trusted store (third-party authentication).
Basic authentication
HTTP basic authentication is one of the most popular and straightforward authentication mechanisms. It relies on HTTP headers in the request, which carry the user's credentials. Optionally, the server may reply with a header that forces clients to authenticate themselves. The following diagram shows a client-server interaction when basic authentication is carried out:
Whenever an HTTP request is sent to an endpoint secured by HTTP basic authentication, the server replies with an HTTP 401 Unauthorized status code, and, optionally, with a WWW-Authenticate header...
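As an added illustration (not code from the original text), the following Python example shows both sides of the exchange described above: the client builds the Authorization header, and the server parses it, validates it against a trusted store, and answers a failure with 401 and a WWW-Authenticate challenge. The realm name, salt, user name and password are constructed sample values.

```python
import base64
import hashlib
import hmac

REALM = "example"            # hypothetical realm name
SALT = b"constructed-salt"   # constructed; use a random per-user salt in practice


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)


# Constructed trusted store: user name -> password hash (never plaintext).
STORE = {"alice": _hash("correct horse")}
_DUMMY = _hash("dummy")  # compared against when the user is unknown


def basic_header(user: str, password: str) -> str:
    """Client side: build the Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic(header_value):
    """Server side: return (user, password), or None if the header is malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bytes that are not valid UTF-8
        return None
    if ":" not in decoded:
        return None
    user, _, password = decoded.partition(":")  # the password may contain ':'
    return user, password


def authenticate(headers: dict):
    """Return (status, response_headers) for a request's header dict."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, challenge
    user, password = creds
    # Always hash and compare in constant time, even for unknown users,
    # so response timing does not reveal which user names exist.
    matches = hmac.compare_digest(_hash(password), STORE.get(user, _DUMMY))
    return (200, {}) if matches and user in STORE else (401, challenge)
```

The header value is only base64-encoded, not encrypted, so an endpoint protected this way should be served exclusively over TLS.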