1CURLOPT_HTTPAUTH(3) curl_easy_setopt options CURLOPT_HTTPAUTH(3)
2
3
4
6 CURLOPT_HTTPAUTH - set HTTP server authentication methods to try
7
9 #include <curl/curl.h>
10
11 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask);
12
14 Pass a long as parameter, which is set to a bitmask, to tell libcurl
15 which authentication method(s) you want it to use speaking to the re‐
16 mote server.
17
18 The available bits are listed below. If more than one bit is set,
19 libcurl will first query the site to see which authentication methods
20 it supports and then pick the best one you allow it to use. For some
21 methods, this will induce an extra network round-trip. Set the actual
22 name and password with the CURLOPT_USERPWD(3) option or with the CUR‐
23 LOPT_USERNAME(3) and the CURLOPT_PASSWORD(3) options.
24
25 For authentication with a proxy, see CURLOPT_PROXYAUTH(3).
26
27
28 CURLAUTH_BASIC
29 HTTP Basic authentication. This is the default choice, and the
30 only method that is in wide-spread use and supported virtually
31 everywhere. This sends the user name and password over the net‐
32 work in plain text, easily captured by others.
33
34 CURLAUTH_DIGEST
35 HTTP Digest authentication. Digest authentication is defined in
36 RFC2617 and is a more secure way to do authentication over pub‐
37 lic networks than the regular old-fashioned Basic method.
38
39 CURLAUTH_DIGEST_IE
40 HTTP Digest authentication with an IE flavor. Digest authenti‐
41 cation is defined in RFC2617 and is a more secure way to do au‐
42 thentication over public networks than the regular old-fashioned
43 Basic method. The IE flavor is simply that libcurl will use a
44 special "quirk" that IE is known to have used before version 7
45 and that some servers require the client to use.
46
47 CURLAUTH_BEARER
48 HTTP Bearer token authentication, used primarily in OAuth 2.0
49 protocol.
50
51 You can set the Bearer token to use with CUR‐
52 LOPT_XOAUTH2_BEARER(3).
53
54 CURLAUTH_NEGOTIATE
55 HTTP Negotiate (SPNEGO) authentication. Negotiate authentication
56 is defined in RFC 4559 and is the most secure way to perform au‐
57 thentication over HTTP.
58
59 You need to build libcurl with a suitable GSS-API library or
60 SSPI on Windows for this to work.
61
62 CURLAUTH_NTLM
63 HTTP NTLM authentication. A proprietary protocol invented and
64 used by Microsoft. It uses a challenge-response and hash concept
65 similar to Digest, to prevent the password from being eaves‐
66 dropped.
67
68 You need to build libcurl with either OpenSSL, GnuTLS or NSS
69 support for this option to work, or build libcurl on Windows
70 with SSPI support.
71
72 CURLAUTH_NTLM_WB
73 NTLM delegating to winbind helper. Authentication is performed
74 by a separate binary application that is executed when needed.
75 The name of the application is specified at compile time but is
76 typically /usr/bin/ntlm_auth
77
78 Note that libcurl will fork when necessary to run the winbind
79 application and kill it when complete, calling waitpid() to
80 await its exit when done. On POSIX operating systems, killing
81 the process will cause a SIGCHLD signal to be raised (regardless
82 of whether CURLOPT_NOSIGNAL(3) is set), which must be handled
83 intelligently by the application. In particular, the application
84 must not unconditionally call wait() in its SIGCHLD signal han‐
85 dler to avoid being subject to a race condition. This behavior
86 is subject to change in future versions of libcurl.
87
88 CURLAUTH_ANY
89 This is a convenience macro that sets all bits and thus makes
90 libcurl pick any it finds suitable. libcurl will automatically
91 select the one it finds most secure.
92
93 CURLAUTH_ANYSAFE
94 This is a convenience macro that sets all bits except Basic and
95 thus makes libcurl pick any it finds suitable. libcurl will au‐
96 tomatically select the one it finds most secure.
97
98 CURLAUTH_ONLY
99 This is a meta symbol. OR this value together with a single spe‐
100 cific auth value to force libcurl to probe for un-restricted
101 auth and if not, only that single auth algorithm is acceptable.
102
103 CURLAUTH_AWS_SIGV4
104 provides AWS V4 signature authentication on HTTPS header see
105 CURLOPT_AWS_SIGV4(3).
106
108 CURLAUTH_BASIC
109
111 HTTP
112
114 CURL *curl = curl_easy_init();
115 if(curl) {
116 CURLcode ret;
117 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
118 /* allow whatever auth the server speaks */
119 curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
120 curl_easy_setopt(curl, CURLOPT_USERPWD, "james:bond");
121 ret = curl_easy_perform(curl);
122 }
123
125 Option Added in 7.10.6.
126
127 CURLAUTH_DIGEST_IE was added in 7.19.3
128
129 CURLAUTH_ONLY was added in 7.21.3
130
131 CURLAUTH_NTLM_WB was added in 7.22.0
132
133 CURLAUTH_BEARER was added in 7.61.0
134
135 CURLAUTH_AWS_SIGV4 was added in 7.74.0
136
138 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if
139 not, or CURLE_NOT_BUILT_IN if the bitmask specified no supported au‐
140 thentication methods.
141
143 CURLOPT_PROXYAUTH(3), CURLOPT_USERPWD(3),
144
145
146
147libcurl 7.76.1 July 03, 2020 CURLOPT_HTTPAUTH(3)