OAuth WWW-Authenticate Response Header Field
What is WWW-Authenticate?
- The HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource.
- The resource server must include the HTTP "WWW-Authenticate" response header field if the protected resource request contains an access token that is invalid or malformed.
- The WWW-Authenticate header is sent along with a 401 Unauthorized response.
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
Directives
<type>
- Authentication type. A common type is "Basic". IANA maintains a list of Authentication schemes.
realm=<realm>
- A description of the protected area. If no realm is specified, clients often display a formatted hostname instead.
Examples
"WWW-Authenticate" header field uses the following format −
where,
realm :
- It is an attribute which specifies the scope of protection and is displayed to the users so that they know which username and password to use.
- This attribute must appear only once.
error :
- It is an attribute used to give the client the specific reason why the access request was declined.
error_description :
- It is an attribute that provides human-readable text to help in understanding the error that occurred.
error_uri :
- It is an attribute that provides a URI identifying a human-readable web page with information about the error that has occurred.
scope :
- It is an attribute which specifies the required scope of the access token in order to access the requested resource.
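As an added example (not part of the original tutorial), the Python code below builds and parses a Bearer challenge from the attributes listed above, rejecting values that could break out of the quoted string or inject a header line, and rejecting repeated attributes. The function names are hypothetical; the `invalid_token` error code and the allowed character sets come from RFC 6750, and applying the same character set to `realm` is an assumption made here.

```python
import re

# Characters RFC 6750 section 3 allows inside the quoted attribute values.
# Neither set contains '"', '\', CR or LF, so a value cannot end its quotes early.
TEXT = r'[\x20\x21\x23-\x5B\x5D-\x7E]*'
TOKEN = r'[\x21\x23-\x5B\x5D-\x7E]+'
ALLOWED = {
    "realm": TEXT,               # assumption: same conservative set for realm
    "error": TEXT,
    "error_description": TEXT,
    "error_uri": TOKEN,
    "scope": rf'{TOKEN}( {TOKEN})*',   # space-delimited scope tokens
}
PAIR = re.compile(r'([a-z_]+)="([^"]*)"(?:,\s*|$)')

def build_bearer_challenge(**attrs):
    """Return a WWW-Authenticate header value; each attribute appears at most once."""
    parts = []
    for name, pattern in ALLOWED.items():
        value = attrs.pop(name, None)
        if value is None:
            continue
        if not re.fullmatch(pattern, value):
            raise ValueError(f"{name}: character not allowed in header value")
        parts.append(f'{name}="{value}"')
    if attrs:
        raise ValueError(f"unknown attribute(s): {sorted(attrs)}")
    return "Bearer " + ", ".join(parts) if parts else "Bearer"

def parse_bearer_challenge(value):
    """Client side: split a Bearer challenge into a dict, refusing duplicates."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    attrs, pos = {}, 0
    while pos < len(rest):
        m = PAIR.match(rest, pos)
        if not m:
            raise ValueError("malformed attribute list")
        if m.group(1) in attrs:
            raise ValueError(f"{m.group(1)} appears more than once")
        attrs[m.group(1)] = m.group(2)
        pos = m.end()
    return attrs
```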