Common HTTP headers
Basic format, e.g. basic auth
Authorization: Basic XXX
XXX is the string username:password encoded as Base64.
The browser usually understands and stores this format directly, so you do not need to implement session support in the client.
However, features like sign-out are much harder to implement, and the username and password are stored in plain text.
Bearer format, e.g. token authentication
Authorization: Bearer TOKEN
TOKEN is the authentication token issued by the backend.
Usually you'll get a token when you sign in.
To perform a request which must be authenticated later, you'll pass the token
back to the server. This way, you don't need to save the username and password.
The token is often a JWT. When working on the client side, you don't need to know much about the format.