Skip to content

This sets the Authorization header. See details at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization.

Usage

req_auth_basic(req, username, password = NULL)

Arguments

req

A request.

username

User name.

password

Password. You avoid entering the password directly when calling this function as it will be captured by .Rhistory. Instead, leave it unset and the default behaviour will prompt you for it interactively.

Value

A modified HTTP request.

Examples

req <- request("http://example.com") %>% req_auth_basic("hadley", "SECRET")
req
#> <httr2_request>
#> GET http://example.com
#> Headers:
#>Authorization: '<REDACTED>'
#> Body: empty
req %>% req_dry_run()
#> GET / HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/0.2.2.9000 r-curl/4.3.2 libcurl/7.68.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br
#> Authorization: <REDACTED>
#> 

# httr2 does its best to redact the Authorization header so that you don't
# accidentally reveal confidential data. Use `redact_headers` to reveal it:
print(req, redact_headers = FALSE)
#> <httr2_request>
#> GET http://example.com
#> Headers:
#>Authorization: 'Basic aGFkbGV5OlNFQ1JFVA=='
#> Body: empty
req %>% req_dry_run(redact_headers = FALSE)
#> GET / HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/0.2.2.9000 r-curl/4.3.2 libcurl/7.68.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br
#> Authorization: Basic aGFkbGV5OlNFQ1JFVA==
#> 

# We do this because the authorization header is not encrypted and the
# so password can easily be discovered:
rawToChar(jsonlite::base64_dec("aGFkbGV5OlNFQ1JFVA=="))
#> [1] "hadley:SECRET"