Hi, everyone. In this video, I'm going to explain what basic authentication is and how it's used in under five minutes. Let's jump into it.

First off, don't confuse this with a basic example of authentication. Basic authentication is a mechanism or scheme in which a client can authenticate with a web server using a username and password. When a client connects to the server, the username and password are encoded as an HTTP header.

Okay, I'll open my browser to show up a quick example so you can see what I'm talking about. I'm going to make sure I have DevTools open and I'm on the Network tab as well. So if I go to an example page, HBS, local.example, this page will prompt me for my username and password. This is built into the browser. It is not part of the web page. I didn't write any HTML for this. The browser made a request to the server. The server responded with a 401 status code. That triggered the browser to prompt me to enter a username and password. And when I do that, they're going to be sent to the server.

All right, great. If I look at the browser's Network tab, I can see there was an Authorization header. But the value doesn't look like my username and password. It is, but it's just encoded. It's not encrypted. I'll come back to this in a minute, but first let's look at the example again from the command line. My favorite client is HTTPie, but something like curl would work here too.

All right, so just like before I'm going to make the same request to my local example. And you can see again that the server responded with a 401. The important thing to note here is that the server also set a response header. This WWW-Authenticate: Basic. This is how the browser knew to prompt me before. It sees this value and it knows to prompt me for a username and password.

So if I make the same request again, this time with the username and password, and I'm going to add the verbose flag so you can see both the request and the response, you'll see that same Authorization: Basic header set again with that same value. And this time the server responded with 200 and a simple hello message.

Let's get back to how the username and password were actually sent over the wire. This value in the Authorization header is a Base64-encoded version of my username colon password. This value needs to be treated as plain text, as anyone with this value can decode it. I'll recreate this value on the command line, but you can use any Base64 tool you want, such as base64encode.org. So for this, I'm going to use echo and I'm going to use my username colon password, which is super secret, which is still a terrible password. And I'm going to pipe that into base64 and I'm going to get back the same value as up here.

So on the server, the server would decode this Base64-encoded value. So in echo and we'll send this value to base64. This time we use decode, and again, we'll get the value out on the server side. The server would just split the string at the colon and that's how it would find the username and password.

All right, so you might be wondering if basic authentication is still relevant today. The answer is always it depends. If you're building a new web server, you probably don't need to worry about basic authentication. For legacy applications, it's important to understand how it works. If you're dumping requests to log files or using them some other way, you need to make sure you're not including the Authorization header because again, that value is basically plain text. Another important thing to point out here is that any time basic authentication is used, it must be done over HTTPS or TLS. So the communication will be encrypted.

Not all legacy though. There are parts of the OAuth2 spec, for example, that use basic authentication, but it's limited to trusted clients and again, those clients need to use TLS.

All right, thanks for watching. I hope you learned a bit about basic authentication. So you know the drill. Let us know you like this video. Give us a thumbs up, ring the bell, do a jig and hit that subscribe button. That way we can create more content like this. Until next time.
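
Added example, not part of the video: a Python sketch of the two server-side points made above, decoding the Basic credential by splitting at the colon and keeping the Authorization header out of request logs. The function names, the username `alice`, the password and the sample headers are constructed for illustration; treating `Proxy-Authorization` the same way goes slightly beyond what the video covers.

```python
import base64
import binascii

# Header names whose values must never reach a log file (compared lower-case).
SENSITIVE = {"authorization", "proxy-authorization"}

def make_basic(username, password):
    """Build the header value a client sends: 'Basic ' + base64(username:password)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def parse_basic(header_value):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split at the FIRST colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password

def redact_headers(headers):
    """Copy headers for logging, keeping the scheme name but not the credential."""
    safe = {}
    for name, value in headers.items():
        if name.lower() in SENSITIVE:
            scheme, sep, _ = value.strip().partition(" ")
            # With no space there is no scheme to keep; the whole value may be a token.
            safe[name] = f"{scheme} [REDACTED]" if sep else "[REDACTED]"
        else:
            safe[name] = value
    return safe

# Constructed sample request headers.
SAMPLE = {"Host": "local.example", "Authorization": make_basic("alice", "super:secret")}

if __name__ == "__main__":
    print(parse_basic(SAMPLE["Authorization"]))  # what the server recovers
    print(redact_headers(SAMPLE))                # what is safe to write to a log
```
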