|
1 | 1 | = Authorize requests
|
2 | 2 |
|
3 |
| -Unless authentication is disabled on the server, all HTTP requests must be authorized using the login credentials of a valid user. |
| 3 | +Unless authentication is disabled on the server, all requests must be authorized using the login credentials of a valid user. |
4 | 4 |
|
5 | 5 | Request are authorized through an `Authorization` header.
|
6 |
| -The header value encoding follows the standard format for `Basic` authentication (RFC 7617), which is as follows: |
| 6 | +Both _basic_ and _bearer_ authentication are supported. |
| 7 | + |
| 8 | +[NOTE] |
| 9 | +If authentication is disabled on the server, requests can be sent without an `Authorization` header. |
| 10 | + |
| 11 | + |
| 12 | +== Basic authentication |
| 13 | + |
| 14 | +The header format for basic authentication follows the standard format (RFC 7617): |
7 | 15 |
|
8 | 16 | ----
|
9 | 17 | Authorization: Basic <base64(username:password)>
|
10 | 18 | ----
|
11 | 19 |
|
12 |
| -For example, to authenticate as user `neo4j` with password `verysecret`, first join them with a colon: |
| 20 | +.Basic authentication |
| 21 | +===== |
| 22 | +To authenticate as user `neo4j` with password `verysecret`, first join them with a colon: |
13 | 23 |
|
14 | 24 | ----
|
15 | 25 | neo4j:verysecret
|
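Review bot: The Basic section added at new lines 12-17 gives the header as `Basic <base64(username:password)>` but, in the lines shown, never says that base64 is a reversible encoding and not encryption. Consider adding a sentence stating that the credentials are readable by anyone who can observe the request unless the connection uses HTTPS. Separately, the unchanged line 5 reads "Request are authorized"; since this paragraph is being touched, correct it to "Requests are authorized".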
@@ -37,14 +47,46 @@ To obtain the final header, prepend `Basic` to the base64-encoding of the creden
|
37 | 47 | ----
|
38 | 48 | Authorization: Basic bmVvNGo6dmVyeXNlY3JldA==
|
39 | 49 | ----
|
| 50 | +===== |
40 | 51 |
|
41 |
| -[NOTE] |
42 |
| --- |
43 |
| -If authentication is disabled on the server, HTTP API requests can be sent without an `Authorization` header. |
44 |
| --- |
45 | 52 |
|
| 53 | +== Bearer authentication |
| 54 | + |
| 55 | +The header format to authenticate with a bearer token is: |
| 56 | + |
| 57 | +---- |
| 58 | +Authorization: Bearer <base64(token)> |
| 59 | +---- |
| 60 | + |
| 61 | +.Bearer authentication |
| 62 | +===== |
| 63 | +To authenticate with the token `xbhkjnlvianztghqwawxqfe`, first base64-encode it: |
| 64 | +
|
| 65 | +---- |
| 66 | +eGJoa2pubHZpYW56dGdocXdhd3hxZmUK |
| 67 | +---- |
| 68 | +
|
| 69 | +.How to base64-encode a string |
| 70 | +[%collapsible] |
| 71 | +==== |
| 72 | +To base64-encode a string on a Linux or Mac machine, use the built-in `base64` command: |
| 73 | + |
| 74 | +[source, bash] |
| 75 | +---- |
| 76 | +echo -n "xbhkjnlvianztghqwawxqfe" | base64 |
| 77 | +---- |
| 78 | +==== |
| 79 | +
|
| 80 | +To obtain the final header, prepend `Bearer` to the base64-encoding of the credential: |
| 81 | +
|
| 82 | +---- |
| 83 | +Authorization: Bearer eGJoa2pubHZpYW56dGdocXdhd3hxZmUK |
| 84 | +---- |
| 85 | +===== |
| 86 | + |
| 87 | +== Errors |
46 | 88 |
|
47 |
| -== Missing authorization |
| 89 | +=== Missing authorization |
48 | 90 |
|
49 | 91 | If an `Authorization` header is not supplied (and authentication is not disabled), the server replies with status `401 Forbidden` and an error.
|
50 | 92 |
|
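Review bot: The encoded token at new lines 66 and 83, `eGJoa2pubHZpYW56dGdocXdhd3hxZmUK`, does not match the command documented at line 76. Its final group `ZmUK` decodes to `fe` followed by a line feed, so the value was produced by `echo` without `-n`, whereas the output of `echo -n "xbhkjnlvianztghqwawxqfe" | base64` ends in `ZmU=`. Regenerate both occurrences so that a reader who copies the example header does not send a token with a trailing newline, which would then surface as the authentication errors described further down.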
@@ -80,7 +122,7 @@ Content-Type: application/json;charset=utf-8
|
80 | 122 | ====
|
81 | 123 |
|
82 | 124 |
|
83 |
| -== Incorrect authentication |
| 125 | +=== Incorrect authentication |
84 | 126 |
|
85 | 127 | If an incorrect username or password is provided, or if they fail to be properly base64-encoded, the server replies with status `401 Forbidden` and an error.
|
86 | 128 |
|
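Review bot: The context sentence at line 127, under the retitled `=== Incorrect authentication`, still covers only "an incorrect username or password", although this commit adds bearer authentication. State what the server returns for a rejected token, or say that the same 401 response applies to both schemes. The clause "or if they fail to be properly base64-encoded" also overlaps with the Invalid authentication section at line 164 and could be dropped here so the two error cases stay distinct.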
@@ -117,7 +159,7 @@ Content-Type: application/json;charset=utf-8
|
117 | 159 | ====
|
118 | 160 |
|
119 | 161 |
|
120 |
| -== Invalid authentication |
| 162 | +=== Invalid authentication |
121 | 163 |
|
122 | 164 | If the content of the `Authorization` header fails to be properly base64-encoded, the server replies with status `401 Forbidden` and an error.
|
123 | 165 |
|
|
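Review bot: Line 164, like lines 91 and 127, pairs status code 401 with the reason phrase `Forbidden`. The standard reason phrase for 401 is `Unauthorized`, and `Forbidden` belongs to 403. Since these sections are being regrouped under `== Errors` in this commit, align the wording with the status line the server actually returns so that readers matching on the response text are not misled.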