Protocol parameters can be transmitted using the HTTP “Authorization” header field as defined by RFC 2617 with the auth-scheme name set to “OAuth” (case insensitive). (RFC 5849: The OAuth 1.0 Protocol)

The “Authorization” header field allows a user agent to authenticate itself with an origin server - usually, but not necessarily, after receiving a 401 (Unauthorized) response. Its value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested. (RFC 7235: Hypertext Transfer Protocol (HTTP/1.1): Authentication)

The client is expected to retry the request, passing an Authorization header field line with Digest scheme, which is defined according to the framework above. The values of the opaque and algorithm fields must be those supplied in the WWW-Authenticate response header field for the entity being requested. (RFC 7616: HTTP Digest Access Authentication)


Return to list of all ( HTTP Header Fields | Web Concepts )