1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_HTTPAUTH 5Section: 3 6Source: libcurl 7Protocol: 8 - HTTP 9See-also: 10 - CURLOPT_PASSWORD (3) 11 - CURLOPT_PROXYAUTH (3) 12 - CURLOPT_USERNAME (3) 13Added-in: 7.10.6 14--- 15 16# NAME 17 18CURLOPT_HTTPAUTH - HTTP server authentication methods to try 19 20# SYNOPSIS 21 22~~~c 23#include <curl/curl.h> 24 25CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask); 26~~~ 27 28# DESCRIPTION 29 30Pass a long as parameter, which is set to a bitmask, to tell libcurl which 31authentication method(s) you want it to use speaking to the remote server. 32 33The available bits are listed below. If more than one bit is set, libcurl 34first queries the host to see which authentication methods it supports and 35then picks the best one you allow it to use. For some methods, this induces an 36extra network round-trip. Set the actual name and password with the 37CURLOPT_USERPWD(3) option or with the CURLOPT_USERNAME(3) and the 38CURLOPT_PASSWORD(3) options. 39 40For authentication with a proxy, see CURLOPT_PROXYAUTH(3). 41 42## CURLAUTH_BASIC 43 44HTTP Basic authentication. This is the default choice, and the only method 45that is in wide-spread use and supported virtually everywhere. This sends 46the username and password over the network in plain text, easily captured by 47others. 48 49## CURLAUTH_DIGEST 50 51HTTP Digest authentication. Digest authentication is defined in RFC 2617 and 52is a more secure way to do authentication over public networks than the 53regular old-fashioned Basic method. 54 55## CURLAUTH_DIGEST_IE 56 57HTTP Digest authentication with an IE flavor. Digest authentication is defined 58in RFC 2617 and is a more secure way to do authentication over public networks 59than the regular old-fashioned Basic method. The IE flavor is simply that 60libcurl uses a special "quirk" that IE is known to have used before version 7 61and that some servers require the client to use. 62 63## CURLAUTH_BEARER 64 65HTTP Bearer token authentication, used primarily in OAuth 2.0 protocol. 66 67You can set the Bearer token to use with CURLOPT_XOAUTH2_BEARER(3). 68 69## CURLAUTH_NEGOTIATE 70 71HTTP Negotiate (SPNEGO) authentication. Negotiate authentication is defined 72in RFC 4559 and is the most secure way to perform authentication over HTTP. 73 74You need to build libcurl with a suitable GSS-API library or SSPI on Windows 75for this to work. 76 77## CURLAUTH_NTLM 78 79HTTP NTLM authentication. A proprietary protocol invented and used by 80Microsoft. It uses a challenge-response and hash concept similar to Digest, to 81prevent the password from being eavesdropped. 82 83You need to build libcurl with either OpenSSL or GnuTLS support for this 84option to work, or build libcurl on Windows with SSPI support. 85 86## CURLAUTH_NTLM_WB 87 88Support for this is removed since libcurl 8.8.0. 89 90NTLM delegating to winbind helper. Authentication is performed by a separate 91binary application that is executed when needed. The name of the application 92is specified at compile time but is typically **/usr/bin/ntlm_auth**. 93 94Note that libcurl forks when necessary to run the winbind application and kill 95it when complete, calling **waitpid()** to await its exit when done. On POSIX 96operating systems, killing the process causes a SIGCHLD signal to be raised 97(regardless of whether CURLOPT_NOSIGNAL(3) is set), which must be handled 98intelligently by the application. In particular, the application must not 99unconditionally call wait() in its SIGCHLD signal handler to avoid being 100subject to a race condition. This behavior is subject to change in future 101versions of libcurl. 102 103## CURLAUTH_ANY 104 105This is a convenience macro that sets all bits and thus makes libcurl pick any 106it finds suitable. libcurl automatically selects the one it finds most secure. 107 108## CURLAUTH_ANYSAFE 109 110This is a convenience macro that sets all bits except Basic and thus makes 111libcurl pick any it finds suitable. libcurl automatically selects the one it 112finds most secure. 113 114## CURLAUTH_ONLY 115 116This is a meta symbol. OR this value together with a single specific auth 117value to force libcurl to probe for unrestricted auth and if not, only that 118single auth algorithm is acceptable. 119 120## CURLAUTH_AWS_SIGV4 121 122provides AWS V4 signature authentication on HTTPS header 123see CURLOPT_AWS_SIGV4(3). 124 125# DEFAULT 126 127CURLAUTH_BASIC 128 129# %PROTOCOLS% 130 131# EXAMPLE 132 133~~~c 134int main(void) 135{ 136 CURL *curl = curl_easy_init(); 137 if(curl) { 138 CURLcode ret; 139 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 140 /* allow whatever auth the server speaks */ 141 curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_ANY); 142 curl_easy_setopt(curl, CURLOPT_USERPWD, "james:bond"); 143 ret = curl_easy_perform(curl); 144 } 145} 146~~~ 147 148# HISTORY 149 150CURLAUTH_DIGEST_IE was added in 7.19.3 151 152CURLAUTH_ONLY was added in 7.21.3 153 154CURLAUTH_NTLM_WB was added in 7.22.0 155 156CURLAUTH_BEARER was added in 7.61.0 157 158CURLAUTH_AWS_SIGV4 was added in 7.74.0 159 160# %AVAILABILITY% 161 162# RETURN VALUE 163 164Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or 165CURLE_NOT_BUILT_IN if the bitmask specified no supported authentication 166methods. 167
