
What does '--user' mean with curl

I'm working with an API and I have to send a POST request. I know how to set a header (-H) and (-d) is the body, but what is "--user"?

If I submit this with Postman, or in a text editor with axios or just regular XMLRequest, where do I add this?

The docs say it is for regular http auth.

curl -X POST -H "Content-Type: application/json" \
     --user "<client_id>:<client_secret>" \
     -d '{"grant_type": "client_credentials", "scope": "public"}' \
     ...
anon asked Mar 29 '16 18:03



2 Answers

Late to the party, but here goes...

You can use curl with the -v (verbose) parameter to see the headers sent. You will then see that the information provided with --user is transformed into a header, such as:

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l 

The text after the Basic keyword is a base64 encoded text string of the username:password combination provided with the --user parameter.

To manually generate the base64 encoded credentials on Linux, you can simply call:

echo -n "username:password" | base64 -w0 

For Windows, save the "username:password" to a file, then use certutil.exe to create a base64 encoded file:

certutil -encode credentials.txt credentials.asc 

To test this end to end, you can remove --user username:password and substitute with --header "Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l" and it will still authenticate just fine.

In summary, to do this manually without curl, you would need to base64 encode the username:password combination. You would then need to set the HTTP Authorization header with the type as Basic along with the base64 encoded string.

Jahmic answered Oct 08 '22 21:10
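The manual steps described in the answer above, as an added JavaScript example (not part of the original answer and not curl's own code). The function names are hypothetical and the credentials are constructed placeholders; the decode function shows that the header is a reversible encoding, so anyone who can read the request recovers the password, which is why Basic auth belongs on HTTPS only.

```javascript
// Added example: build and decode an HTTP Basic Authorization header value.
// Function names are illustrative (hypothetical), not from curl or any library.

// UTF-8 encode first: btoa() alone only accepts Latin-1 characters.
function toBase64(text) {
  let binary = "";
  for (const b of new TextEncoder().encode(text)) binary += String.fromCharCode(b);
  return btoa(binary);
}

function fromBase64(b64) {
  const bytes = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Equivalent of the header curl sends for --user "user:password".
function basicAuthHeader(user, password) {
  // The first colon separates the two parts, so the user part cannot contain one.
  if (user.includes(":")) throw new Error("user must not contain ':'");
  return "Basic " + toBase64(user + ":" + password);
}

// What a server, proxy or log reader recovers from the header value.
function parseBasicAuthHeader(value) {
  const match = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(value.trim());
  if (!match) return null;
  let decoded;
  try {
    decoded = fromBase64(match[1]);
  } catch (err) {
    return null; // not valid base64
  }
  const idx = decoded.indexOf(":");
  if (idx < 0) return null;
  // Split on the first colon only: passwords may contain colons.
  return { user: decoded.slice(0, idx), password: decoded.slice(idx + 1) };
}

// Constructed sample values, not real credentials.
const header = basicAuthHeader("my_client_id", "s3cret:with:colons");
console.log(header);
console.log(parseBasicAuthHeader(header));
// With axios or XMLHttpRequest, send this value as the "Authorization" request header.
```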


The --user parameter in curl is used for server authentication. So if you don't define the authentication type via other parameters like --digest or --negotiate, it means the USER parameter for HTTP basic authentication; it can also be combined with a :PASSWORD chunk to set a password as well. The full answer to your question depends on what kind of authentication is used behind the API you are sending the request to, and maybe curl would not be enough for it, as it supports a limited set of authentication schemes ...

Alexey Melezhik answered Oct 08 '22 21:10