undefined | Better HN

0 pointsx_foo_x9y ago0 comments

I use a custom authorizer with Auth0 and it works fine. I guess some systems still use Basic Auth though.

0 comments

WWW-Authenticate is a requirement of HTTP itself, not Basic Auth. Returning 401 without this header (which API Gateway does) violates RFC 7235. It is the means by which HTTP negotiates an authentication protocol; without it, there is no way for authentication to proceed except by guessing.

j / k navigate · click thread line to collapse

0 pointsx_foo_x9y ago0 comments

I use a custom authorizer with Auth0 and it works fine. I guess some systems still use Basic Auth though.

0 comments

colanderman9y ago

j / k navigate · click thread line to collapse