1CURLOPT_HTTPAUTH(3)        curl_easy_setopt options        CURLOPT_HTTPAUTH(3)
2
3
4

NAME

6       CURLOPT_HTTPAUTH - HTTP server authentication methods to try
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask);
12

DESCRIPTION

14       Pass  a  long  as parameter, which is set to a bitmask, to tell libcurl
15       which authentication method(s) you want it to use speaking to  the  re‐
16       mote server.
17
18       The  available  bits  are  listed  below.  If more than one bit is set,
19       libcurl will first query the site to see which  authentication  methods
20       it  supports  and  then pick the best one you allow it to use. For some
21       methods, this will induce an extra network round-trip. Set  the  actual
22       name  and  password with the CURLOPT_USERPWD(3) option or with the CUR‐
23       LOPT_USERNAME(3) and the CURLOPT_PASSWORD(3) options.
24
25       For authentication with a proxy, see CURLOPT_PROXYAUTH(3).
26
27
28       CURLAUTH_BASIC
29              HTTP Basic authentication. This is the default choice,  and  the
30              only  method  that is in wide-spread use and supported virtually
31              everywhere. This sends the user name and password over the  net‐
32              work in plain text, easily captured by others.
33
34       CURLAUTH_DIGEST
35              HTTP Digest authentication.  Digest authentication is defined in
36              RFC2617 and is a more secure way to do authentication over  pub‐
37              lic networks than the regular old-fashioned Basic method.
38
39       CURLAUTH_DIGEST_IE
40              HTTP  Digest authentication with an IE flavor.  Digest authenti‐
41              cation is defined in RFC2617 and is a more secure way to do  au‐
42              thentication over public networks than the regular old-fashioned
43              Basic method. The IE flavor is simply that libcurl  will  use  a
44              special  "quirk"  that IE is known to have used before version 7
45              and that some servers require the client to use.
46
47       CURLAUTH_BEARER
48              HTTP Bearer token authentication, used primarily  in  OAuth  2.0
49              protocol.
50
51              You    can   set   the   Bearer   token   to   use   with   CUR‐
52              LOPT_XOAUTH2_BEARER(3).
53
54       CURLAUTH_NEGOTIATE
55              HTTP Negotiate (SPNEGO) authentication. Negotiate authentication
56              is defined in RFC 4559 and is the most secure way to perform au‐
57              thentication over HTTP.
58
59              You need to build libcurl with a  suitable  GSS-API  library  or
60              SSPI on Windows for this to work.
61
62       CURLAUTH_NTLM
63              HTTP  NTLM  authentication.  A proprietary protocol invented and
64              used by Microsoft. It uses a challenge-response and hash concept
65              similar  to  Digest,  to  prevent the password from being eaves‐
66              dropped.
67
68              You need to build libcurl with either  OpenSSL,  GnuTLS  or  NSS
69              support  for  this  option  to work, or build libcurl on Windows
70              with SSPI support.
71
72       CURLAUTH_NTLM_WB
73              NTLM delegating to winbind helper. Authentication  is  performed
74              by  a  separate binary application that is executed when needed.
75              The name of the application is specified at compile time but  is
76              typically /usr/bin/ntlm_auth
77
78              Note  that  libcurl  will fork when necessary to run the winbind
79              application and kill it  when  complete,  calling  waitpid()  to
80              await  its  exit  when done. On POSIX operating systems, killing
81              the process will cause a SIGCHLD signal to be raised (regardless
82              of  whether  CURLOPT_NOSIGNAL(3)  is set), which must be handled
83              intelligently by the application. In particular, the application
84              must  not unconditionally call wait() in its SIGCHLD signal han‐
85              dler to avoid being subject to a race condition.  This  behavior
86              is subject to change in future versions of libcurl.
87
88       CURLAUTH_ANY
89              This  is  a  convenience macro that sets all bits and thus makes
90              libcurl pick any it finds suitable. libcurl  will  automatically
91              select the one it finds most secure.
92
93       CURLAUTH_ANYSAFE
94              This  is a convenience macro that sets all bits except Basic and
95              thus makes libcurl pick any it finds suitable. libcurl will  au‐
96              tomatically select the one it finds most secure.
97
98       CURLAUTH_ONLY
99              This is a meta symbol. OR this value together with a single spe‐
100              cific auth value to force libcurl  to  probe  for  un-restricted
101              auth and if not, only that single auth algorithm is acceptable.
102
103       CURLAUTH_AWS_SIGV4
104              provides  AWS  V4  signature  authentication on HTTPS header see
105              CURLOPT_AWS_SIGV4(3).
106

DEFAULT

108       CURLAUTH_BASIC
109

PROTOCOLS

111       HTTP
112

EXAMPLE

114       CURL *curl = curl_easy_init();
115       if(curl) {
116         CURLcode ret;
117         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
118         /* allow whatever auth the server speaks */
119         curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
120         curl_easy_setopt(curl, CURLOPT_USERPWD, "james:bond");
121         ret = curl_easy_perform(curl);
122       }
123

AVAILABILITY

125       Option Added in 7.10.6.
126
127       CURLAUTH_DIGEST_IE was added in 7.19.3
128
129       CURLAUTH_ONLY was added in 7.21.3
130
131       CURLAUTH_NTLM_WB was added in 7.22.0
132
133       CURLAUTH_BEARER was added in 7.61.0
134
135       CURLAUTH_AWS_SIGV4 was added in 7.74.0
136

RETURN VALUE

138       Returns CURLE_OK if the option is  supported,  CURLE_UNKNOWN_OPTION  if
139       not,  or  CURLE_NOT_BUILT_IN  if the bitmask specified no supported au‐
140       thentication methods.
141

SEE ALSO

143       CURLOPT_PROXYAUTH(3), CURLOPT_USERPWD(3),
144
145
146
147libcurl 7.85.0                   May 17, 2022              CURLOPT_HTTPAUTH(3)
Impressum