basic authorization command for curl
CurlAuthorizationCurl Problem Overview
How do I set up the basic authorization using 64 encoded credentials ? I tried below the two commands but of no use , please suggest.
curl -i -H 'Accept:application/json' Authorization:Basic <username:password> http://example.com
curl -i -H 'Accept:application/json' Authorization:Basic.base64_encode(username:password) http://example.com
Curl Solutions
Solution 1 - Curl
> How do I set up the basic authorization?
All you need to do is use -u, --user USER[:PASSWORD]
. Behind the scenes curl
builds the Authorization
header with base64 encoded credentials for you.
Example:
curl -u username:password -i -H 'Accept:application/json' http://example.com
Solution 2 - Curl
Use the -H
header again before the Authorization:Basic things. So it will be
curl -i \
-H 'Accept:application/json' \
-H 'Authorization:Basic BASE64_string' \
http://example.com
Here, BASE64_string
= Base64 of username:password
Solution 3 - Curl
Background
You can use the base64
CLI tool to generate the base64 encoded version of your username + password like this:
$ echo -n "joeuser:secretpass" | base64
am9ldXNlcjpzZWNyZXRwYXNz
-or-
$ base64 <<<"joeuser:secretpass"
am9ldXNlcjpzZWNyZXRwYXNzCg==
Base64 is reversible so you can also decode it to confirm like this:
$ echo -n "joeuser:secretpass" | base64 | base64 -D
joeuser:secretpass
-or-
$ base64 <<<"joeuser:secretpass" | base64 -D
joeuser:secretpass
NOTE: username = joeuser, password = secretpass
Example #1 - using -H
You can put this together into curl
like this:
$ curl -H "Authorization: Basic $(base64 <<<"joeuser:secretpass")" http://example.com
Example #2 - using -u
Most will likely agree that if you're going to bother doing this, then you might as well just use curl
's -u
option.
> $ curl --help |grep -- "--user " > -u, --user USER[:PASSWORD] Server user and password
For example:
$ curl -u someuser:secretpass http://example.com
But you can do this in a semi-safer manner if you keep your credentials in a encrypted vault service such as LastPass or Pass.
For example, here I'm using the LastPass' CLI tool, lpass
, to retrieve my credentials:
$ curl -u $(lpass show --username example.com):$(lpass show --password example.com) \
http://example.com
Example #3 - using curl config
There's an even safer way to hand your credentials off to curl
though. This method makes use of the -K
switch.
$ curl -X GET -K \
<(cat <<<"user = \"$(lpass show --username example.com):$(lpass show --password example.com)\"") \
http://example.com
When used, your details remain hidden, since they're passed to curl
via a temporary file descriptor, for example:
+ curl -skK /dev/fd/63 -XGET -H 'Content-Type: application/json' https://es-data-01a.example.com:9200/_cat/health
++ cat
+++ lpass show --username example.com
+++ lpass show --password example.com
1561075296 00:01:36 rdu-es-01 green 9 6 2171 1085 0 0 0 0 - 100.0%
NOTE: Above I'm communicating with one of our Elasticsearch nodes, inquiring about the cluster's health.
This method is dynamically creating a file with the contents user = "<username>:<password>"
and giving that to curl
.
HTTP Basic Authorization
The methods shown above are facilitating a feature known as Basic Authorization that's part of the HTTP standard.
> When the user agent wants to send authentication credentials to the > server, it may use the Authorization field. > > The Authorization field is constructed as follows: > > 1. The username and password are combined with a single colon (:). > This means that the username itself cannot contain a colon. > 2. The resulting string is encoded into an octet sequence. The character set > to use for this encoding is by default unspecified, as > long as it is compatible with US-ASCII, but the server may suggest use > of UTF-8 by sending the charset parameter. > 3. The resulting string is encoded using a variant of Base64. > 4. The authorization method and a space (e.g. "Basic ") is then prepended to > the encoded string. > > For example, if the browser uses Aladdin as the username and > OpenSesame as the password, then the field's value is the > base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. > Then the Authorization header will appear as: > > Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
Source: Basic access authentication
Solution 4 - Curl
One way, provide --user
flag as part of curl
, as follows:
curl --user username:password http://example.com
Another way is to get Base64 encoded token of "username:password" from any online website like - https://www.base64encode.org/ and pass it as Authorization
header of curl
as follows:
curl -i -H 'Authorization:Basic dXNlcm5hbWU6cGFzc3dvcmQ=' http://localhost:8080/
Here, dXNlcm5hbWU6cGFzc3dvcmQ=
is Base64
encoded token of username:password
.
Solution 5 - Curl
It can happen for big Intranets, that you will need the base64(domain/user:password).
Solution 6 - Curl
>curl -D- -X GET -H "Authorization: Basic ZnJlZDpmcmVk" -H "Content-Type: application/json" http://localhost:7990/rest/api/1.0/projects
--note
base46 encode =ZnJlZDpmcmVk