This sets the Authorization header. See details at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization.
Arguments
- req
A httr2 request object.
- username
User name.
- password
Password. You should avoid entering the password directly when calling this function as it will be captured by
.Rhistory
. Instead, leave it unset and the default behaviour will prompt you for it interactively.
Value
A modified HTTP request.
Examples
req <- request("http://example.com") |> req_auth_basic("hadley", "SECRET")
req
#> <httr2_request>
#> GET http://example.com
#> Headers:
#> • Authorization: '<REDACTED>'
#> Body: empty
req |> req_dry_run()
#> GET / HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.7.9000 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Authorization: <REDACTED>
#>
# httr2 does its best to redact the Authorization header so that you don't
# accidentally reveal confidential data. Use `redact_headers` to reveal it:
print(req, redact_headers = FALSE)
#> <httr2_request>
#> GET http://example.com
#> Headers:
#> • Authorization: 'Basic aGFkbGV5OlNFQ1JFVA=='
#> Body: empty
req |> req_dry_run(redact_headers = FALSE)
#> GET / HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.7.9000 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Authorization: Basic aGFkbGV5OlNFQ1JFVA==
#>
# We do this because the authorization header is not encrypted and the
# so password can easily be discovered:
rawToChar(jsonlite::base64_dec("aGFkbGV5OlNFQ1JFVA=="))
#> [1] "hadley:SECRET"