Provided by: libcurl4-doc_8.9.1-2ubuntu2.2_all bug

NAME
       CURLOPT_HTTPAUTH - HTTP server authentication methods to try


SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask);


DESCRIPTION
       Pass  a  long as parameter, which is set to a bitmask, to tell libcurl which authentication method(s) you
       want it to use speaking to the remote server.

       The available bits are listed below. If more than one bit is set, libcurl first queries the host  to  see
       which  authentication  methods  it  supports  and  then  picks the best one you allow it to use. For some
       methods, this  induces  an  extra  network  round-trip.  Set  the  actual  name  and  password  with  the
       CURLOPT_USERPWD(3) option or with the CURLOPT_USERNAME(3) and the CURLOPT_PASSWORD(3) options.

       For authentication with a proxy, see CURLOPT_PROXYAUTH(3).

       CURLAUTH_BASIC
              HTTP  Basic authentication. This is the default choice, and the only method that is in wide-spread
              use and supported virtually everywhere. This sends the username and password over the  network  in
              plain text, easily captured by others.

       CURLAUTH_DIGEST
              HTTP  Digest authentication. Digest authentication is defined in RFC 2617 and is a more secure way
              to do authentication over public networks than the regular old-fashioned Basic method.

       CURLAUTH_DIGEST_IE
              HTTP Digest authentication with an IE flavor. Digest authentication is defined in RFC 2617 and  is
              a  more  secure way to do authentication over public networks than the regular old-fashioned Basic
              method. The IE flavor is simply that libcurl uses a special "quirk" that IE is known to have  used
              before version 7 and that some servers require the client to use.

       CURLAUTH_BEARER
              HTTP Bearer token authentication, used primarily in OAuth 2.0 protocol.

              You can set the Bearer token to use with CURLOPT_XOAUTH2_BEARER(3).

       CURLAUTH_NEGOTIATE
              HTTP Negotiate (SPNEGO) authentication. Negotiate authentication is defined in RFC 4559 and is the
              most secure way to perform authentication over HTTP.

              You need to build libcurl with a suitable GSS-API library or SSPI on Windows for this to work.

       CURLAUTH_NTLM
              HTTP  NTLM  authentication.  A  proprietary  protocol  invented  and  used by Microsoft. It uses a
              challenge-response and hash concept  similar  to  Digest,  to  prevent  the  password  from  being
              eavesdropped.

              You  need to build libcurl with either OpenSSL or GnuTLS support for this option to work, or build
              libcurl on Windows with SSPI support.

       CURLAUTH_NTLM_WB
              Support for this is removed since libcurl 8.8.0.

              NTLM delegating to winbind helper. Authentication is performed by a  separate  binary  application
              that  is  executed  when  needed.  The name of the application is specified at compile time but is
              typically /usr/bin/ntlm_auth.

              Note that libcurl forks when necessary to run the winbind application and kill it  when  complete,
              calling  waitpid()  to  await  its exit when done. On POSIX operating systems, killing the process
              causes a SIGCHLD signal to be raised (regardless of whether  CURLOPT_NOSIGNAL(3)  is  set),  which
              must  be  handled  intelligently  by  the  application.  In  particular,  the application must not
              unconditionally call wait() in its SIGCHLD signal  handler  to  avoid  being  subject  to  a  race
              condition. This behavior is subject to change in future versions of libcurl.

       CURLAUTH_ANY
              This  is a convenience macro that sets all bits and thus makes libcurl pick any it finds suitable.
              libcurl automatically selects the one it finds most secure.

       CURLAUTH_ANYSAFE
              This is a convenience macro that sets all bits except Basic and thus makes  libcurl  pick  any  it
              finds suitable. libcurl automatically selects the one it finds most secure.

       CURLAUTH_ONLY
              This  is  a meta symbol. OR this value together with a single specific auth value to force libcurl
              to probe for unrestricted auth and if not, only that single auth algorithm is acceptable.

       CURLAUTH_AWS_SIGV4
              provides AWS V4 signature authentication on HTTPS header see CURLOPT_AWS_SIGV4(3).


DEFAULT
       CURLAUTH_BASIC


PROTOCOLS
       This functionality affects http only


EXAMPLE
       int main(void)
       {
         CURL *curl = curl_easy_init();
         if(curl) {
           CURLcode ret;
           curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
           /* allow whatever auth the server speaks */
           curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_ANY);
           curl_easy_setopt(curl, CURLOPT_USERPWD, "james:bond");
           ret = curl_easy_perform(curl);
         }
       }


HISTORY
       CURLAUTH_DIGEST_IE was added in 7.19.3

       CURLAUTH_ONLY was added in 7.21.3

       CURLAUTH_NTLM_WB was added in 7.22.0

       CURLAUTH_BEARER was added in 7.61.0

       CURLAUTH_AWS_SIGV4 was added in 7.74.0


AVAILABILITY
       Added in curl 7.10.6


RETURN VALUE
       Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or  CURLE_NOT_BUILT_IN  if  the
       bitmask specified no supported authentication methods.


SEE ALSO
       CURLOPT_PASSWORD(3), CURLOPT_PROXYAUTH(3), CURLOPT_USERNAME(3)

libcurl                                            2024-12-11                                CURLOPT_HTTPAUTH(3)