Basic auth

'Basic auth' or HTTP authentication is an authentication method built into browsers. The browser presents a dialog where the user has to provide an ID and password before the page loads.

Basic auth uses the Authorization header to authenticate. The provided ID and password are encoded with base64, which is an encoding and not encryption. The credentials are not encrypted unless the request is sent over HTTPS.

Strengths

Basic auth is easy to set up. When a user tries to open a protected page, the server should respond with a 401 status and a WWW-Authenticate header. This header prompts the browser to show a dialog. The browser then sends another request with the credentials set in the Authorization header.
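
The challenge and response described above, as an added Node.js example that is not code from the original page: the handler answers 401 with WWW-Authenticate until the Authorization header carries the expected ID and password. The realm name, the function names and the sample credentials are assumptions made for illustration.

```javascript
// Added example: server-side handling of the Basic auth challenge/response.
const { createHash, timingSafeEqual } = require("node:crypto");

// Challenge sent with every 401; the realm name "Staging" is an assumption.
const CHALLENGE = 'Basic realm="Staging", charset="UTF-8"';

// Hash both sides so timingSafeEqual always receives equal-length buffers.
function safeEqual(a, b) {
  const ha = createHash("sha256").update(a, "utf8").digest();
  const hb = createHash("sha256").update(b, "utf8").digest();
  return timingSafeEqual(ha, hb);
}

// Returns { id, password }, or null when the header is missing or malformed.
function parseBasicHeader(value) {
  const match = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(value || "");
  if (!match) return null;
  // base64 is reversible by anyone who sees the header: encoding, not encryption.
  const decoded = Buffer.from(match[1], "base64").toString("utf8");
  const colon = decoded.indexOf(":"); // first colon separates; passwords may contain ":"
  if (colon === -1) return null;
  return { id: decoded.slice(0, colon), password: decoded.slice(colon + 1) };
}

// Hypothetical handler: takes request headers (lower-cased names) and
// returns the status and response headers the server should send.
function checkBasicAuth(headers, expectedId, expectedPassword) {
  const creds = parseBasicHeader(headers["authorization"]);
  // Run both comparisons so a wrong ID and a wrong password take the same path.
  const idOk = safeEqual(creds ? creds.id : "", expectedId);
  const passOk = safeEqual(creds ? creds.password : "", expectedPassword);
  if (creds && idOk && passOk) return { status: 200, headers: {} };
  return { status: 401, headers: { "WWW-Authenticate": CHALLENGE } };
}

// Constructed sample header, not real credentials.
const sampleHeader =
  "Basic " + Buffer.from("staging:s3cret:with:colons").toString("base64");
```
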

Weaknesses

Basic auth is very limited. It's only possible to provide an ID and password.

The dialog is opened before the page loads, and there is no way to customise the dialog.

Each browser determines how long the user is logged in for, and it's not possible to log out users.

When to use it

It can be useful for internal applications such as a staging site.

When not to use it

HTTP authentication shouldn't be used to authenticate users in public-facing applications.

Because the page is not loaded before the user provides credentials, the dialog can confuse users, who might think they followed a broken link.

Authentication scaffolding

Starter kits for Laravel, Vue and React.