Skip to content

Commit dc4a6e5

Browse files
committed
add documentation for BearerTokenAuth
1 parent b421a94 commit dc4a6e5

1 file changed

Lines changed: 21 additions & 2 deletions

File tree

docs/advanced/authentication.md

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ Or configured on the client instance, ensuring that all outgoing requests will i
1616

1717
## Basic authentication
1818

19-
HTTP basic authentication is an unencrypted authentication scheme that uses a simple encoding of the username and password in the request `Authorization` header. Since it is unencrypted it should typically only be used over `https`, although this is not strictly enforced.
19+
HTTP basic authentication ([RFC 7617](https://datatracker.ietf.org/doc/html/rfc7617)) is an unencrypted authentication scheme that uses a simple encoding of the username and password in the request `Authorization` header. Since it is unencrypted it should typically only be used over `https`, although this is not strictly enforced.
2020

2121
```pycon
2222
>>> auth = httpx.BasicAuth(username="finley", password="secret")
@@ -26,9 +26,28 @@ HTTP basic authentication is an unencrypted authentication scheme that uses a si
2626
<Response [200 OK]>
2727
```
2828

29+
## Bearer Token authentication
30+
31+
Bearer Token authentication ([RFC 6750](https://datatracker.ietf.org/doc/html/rfc6750)) is an unencrypted authentication scheme that uses an API key (Bearer Token) to access OAuth 2.0-protected resources.
32+
There are three variants to transmit the Token:
33+
34+
* `Authorization` Request Header Field
35+
* Form-Encoded Body Parameter
36+
* URI Query Parameter
37+
38+
Since it is unencrypted it should typically only be used over `https`, although this is not strictly enforced.
39+
40+
```pycon
41+
>>> auth = httpx.BearerTokenAuth(bearer_token="secret")
42+
>>> client = httpx.Client(auth=auth)
43+
>>> response = client.get("https://httpbin.org/bearer")
44+
>>> response
45+
<Response [200 OK]>
46+
```
47+
2948
## Digest authentication
3049

31-
HTTP digest authentication is a challenge-response authentication scheme. Unlike basic authentication it provides encryption, and can be used over unencrypted `http` connections. It requires an additional round-trip in order to negotiate the authentication.
50+
HTTP digest authentication ([RFC 7616](https://datatracker.ietf.org/doc/html/rfc7616)) is a challenge-response authentication scheme. Unlike basic authentication it provides encryption, and can be used over unencrypted `http` connections. It requires an additional round-trip in order to negotiate the authentication.
3251

3352
```pycon
3453
>>> auth = httpx.DigestAuth(username="olivia", password="secret")

0 commit comments

Comments
 (0)