{"id":4746,"date":"2020-12-19T23:52:30","date_gmt":"2020-12-19T18:22:30","guid":{"rendered":"https:\/\/golangbyexamples.com\/?p=4746"},"modified":"2020-12-20T12:45:27","modified_gmt":"2020-12-20T07:15:27","slug":"http-basic-auth-golang","status":"publish","type":"post","link":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/","title":{"rendered":"HTTP Client\/Server with Basic Auth in Go (Golang)"},"content":{"rendered":"\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_17 counter-hierarchy counter-decimal ez-toc-light-blue\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" style=\"display: none;\"><i class=\"ez-toc-glyphicon ez-toc-icon-toggle\"><\/i><\/a><\/span><\/div>\n<nav><ul class=\"ez-toc-list ez-toc-list-level-1\"><li class=\"ez-toc-page-1 ez-toc-heading-level-1\"><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#Overview\" title=\"Overview\">Overview<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-1\"><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#HTTP_Server_Basic_Auth_Example\" title=\"HTTP Server Basic Auth Example\">HTTP Server Basic Auth Example<\/a><\/li><li class=\"ez-toc-page-1 ez-toc-heading-level-1\"><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#HTTP_Client_Basic_Auth_Example\" title=\"HTTP Client Basic Auth Example\">HTTP Client Basic Auth Example<\/a><\/li><\/ul><\/nav><\/div>\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Overview\"><\/span><strong>Overview<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"has-medium-font-size\">Basic auth is the simplest form of providing access controls for resources on web server.&nbsp; Basic Access Authentication is a way of providing user name and password to the server while making an HTTP request.&nbsp; The credentials are send in the headers of the request. Below is the header and format in which credentials are send.<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">Authorization : Basic <credentials><\/code><\/pre>\n\n\n\n<ul class=\"has-medium-font-size wp-block-list\"><li>Header name is <strong>&#8220;Authorization&#8221;<\/strong><\/li><\/ul>\n\n\n\n<ul class=\"has-medium-font-size wp-block-list\"><li>credentials are send Base64 encoding of username and password joined by a colon(:). Basically Base64 encoding of below string<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\"><username>:<password><\/code><\/pre>\n\n\n\n<ul class=\"has-medium-font-size wp-block-list\"><li>credentials is prefixed with <strong>Basic<\/strong><\/li><\/ul>\n\n\n\n<p class=\"has-medium-font-size\">Basic Auth is specified in RFC 7617<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><a href=\"https:\/\/tools.ietf.org\/html\/rfc7617\">https:\/\/tools.ietf.org\/html\/rfc7617<\/a><\/p>\n\n\n\n<p class=\"has-medium-font-size\">Basic auth doesn&#8217;t require any kind of sessions identifiers or cookies. Also since the credentials is send as bas64 encoding only so there is no encryption involved. Hence basic auth is used only with HTTPS for security reasons.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"HTTP_Server_Basic_Auth_Example\"><\/span><strong>HTTP Server Basic Auth Example<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"has-medium-font-size\">Let&#8217;s first see basic auth wrt to <strong>HTTP<\/strong> server. <strong>net\/http<\/strong> package of golang provides a method which is defined on the <strong>*http.Request<\/strong> struct which returns the username and password which is present in the incoming request&#8217;s <strong>Authorization<\/strong> Header. Below is the signature of the method<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">func (r *Request) BasicAuth() (username, password string, ok bool)<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">What this method does it that it checks the <strong>Authorization<\/strong> header and then extracts the username and password from&nbsp; Base64 encoded value and return it. If there is any issue in parsing it will return <strong>ok<\/strong> variable as false. So while using this function, we first need to check the value of <strong>ok<\/strong> variable. If the <strong>ok<\/strong> variable is true then we can further match the username and password and verify if it is correct.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Let&#8217;s see a program for this<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">package main\n\nimport (\n\t\"fmt\"\n\t\"net\/http\"\n)\n\nvar (\n\tusername = \"abc\"\n\tpassword = \"123\"\n)\n\nfunc main() {\n\thandler := http.HandlerFunc(handleRequest)\n\thttp.Handle(\"\/example\", handler)\n\thttp.ListenAndServe(\":8080\", nil)\n}\n\nfunc handleRequest(w http.ResponseWriter, r *http.Request) {\n\n\tu, p, ok := r.BasicAuth()\n\tif !ok {\n\t\tfmt.Println(\"Error parsing basic auth\")\n\t\tw.WriteHeader(401)\n\t\treturn\n\t}\n\tif u != username {\n\t\tfmt.Printf(\"Username provided is correct: %s\\n\", u)\n\t\tw.WriteHeader(401)\n\t\treturn\n\t}\n\tif p != password {\n\t\tfmt.Printf(\"Password provided is correct: %s\\n\", u)\n\t\tw.WriteHeader(401)\n\t\treturn\n\t}\n\tfmt.Printf(\"Username: %s\\n\", u)\n\tfmt.Printf(\"Password: %s\\n\", p)\n\tw.WriteHeader(200)\n\treturn\n}<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">Server accepts the below username and password<\/p>\n\n\n\n<ul class=\"has-medium-font-size wp-block-list\"><li>username is abc<\/li><\/ul>\n\n\n\n<ul class=\"has-medium-font-size wp-block-list\"><li>password is 123<\/li><\/ul>\n\n\n\n<p class=\"has-medium-font-size\">For making the request we have to do Base64 encoding of&nbsp; below string which is a username and password joined by a single colon(:)<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">abc:123<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">Base64 encoding of above string will be.<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">YWJjOjEyMw==<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">You can check it here &#8211; <a href=\"https:\/\/www.base64encode.org\/\">https:\/\/www.base64encode.org\/<\/a><\/p>\n\n\n\n<p class=\"has-medium-font-size\">Now make the below request<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">curl -v -X POST http:\/\/localhost:8080\/example -H \"Authorization: Basic YWJjOjEyMw==\"<\/code><\/pre>\n\n\n\n<p>This request will get the status code as 200. Also it will correctly print the username and password in the logs as well.<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">Username: abc\nPassword: 123<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">Now send the malformed <strong>Base64<\/strong> encoded value. <\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">curl -v -X POST http:\/\/localhost:8080\/example -H \"Authorization: Basic YWJjOjEy\"<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">It will get the status code as 401. It will also print below in the logs<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">Error parsing basic auth<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"HTTP_Client_Basic_Auth_Example\"><\/span><strong>HTTP Client Basic Auth Example<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"has-medium-font-size\"><strong>net\/http<\/strong> package of golang also provides a method which is defined on the <strong>*http.Request<\/strong> struct which can be used to set the basic auth header.&nbsp; Below is the signature of the method<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">func (r *Request) SetBasicAuth(username, password string)<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">What this method does it takes in <strong>username<\/strong> and <strong>password<\/strong> and sets Authorization header with base64 encoded value of username and password joined by a single colon(:).<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Let&#8217;s see a program for this<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">package main\n\nimport (\n\t\"fmt\"\n\t\"net\/http\"\n\t\"time\"\n)\n\nvar (\n\tusername = \"abc\"\n\tpassword = \"123\"\n)\n\nfunc main() {\n\tcall(\"https:\/\/localhost:8080\/example\", \"POST\")\n}\n\nfunc call(url, method string) error {\n\tclient := &http.Client{\n\t\tTimeout: time.Second * 10,\n\t}\n\treq, err := http.NewRequest(method, url, nil)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"Got error %s\", err.Error())\n\t}\n\treq.SetBasicAuth(username, password)\n\tresponse, err := client.Do(req)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"Got error %s\", err.Error())\n\t}\n\tdefer response.Body.Close()\n\treturn nil\n}<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">In the above program we are making a call to the server which we had set up earlier. See how we set up the basic auth in the outgoing request<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-go\">req.SetBasicAuth(username, password)<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">If you will run the above program you will get a 200 from the server which we had set up above.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Note:<\/strong> We are printing&nbsp; <strong>username<\/strong> and <strong>password<\/strong> above just for illustration purposes. In real program they need to be kept encrypted in some secure manner.&nbsp; Also we are sending a http request below and not https for basic auth. Again this was just for illustrated only and both client and server lie on the same machine. This is not recommended and basic auth should be used only with <strong>HTTPS<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents OverviewHTTP Server Basic Auth ExampleHTTP Client Basic Auth Example Overview Basic auth is the simplest form of providing access controls for resources on web server.&nbsp; Basic Access Authentication is&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[1],"tags":[3,4],"class_list":["post-4746","post","type-post","status-publish","format-standard","hentry","category-tech","tag-go","tag-golang"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HTTP Client\/Server with Basic Auth in Go (Golang) - Welcome To Golang By Example<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HTTP Client\/Server with Basic Auth in Go (Golang) - Welcome To Golang By Example\" \/>\n<meta property=\"og:description\" content=\"Table of Contents OverviewHTTP Server Basic Auth ExampleHTTP Client Basic Auth Example Overview Basic auth is the simplest form of providing access controls for resources on web server.&nbsp; Basic Access Authentication is...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/\" \/>\n<meta property=\"og:site_name\" content=\"Welcome To Golang By Example\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-19T18:22:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-20T07:15:27+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/\",\"url\":\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/\",\"name\":\"HTTP Client\/Server with Basic Auth in Go (Golang) - Welcome To Golang By Example\",\"isPartOf\":{\"@id\":\"https:\/\/golangbyexamples.com\/#website\"},\"datePublished\":\"2020-12-19T18:22:30+00:00\",\"dateModified\":\"2020-12-20T07:15:27+00:00\",\"author\":{\"@id\":\"https:\/\/golangbyexamples.com\/#\/schema\/person\/8833ea7638dafd763cb1db6c0ca4576f\"},\"breadcrumb\":{\"@id\":\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/golangbyexamples.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HTTP Client\/Server with Basic Auth in Go (Golang)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/golangbyexamples.com\/#website\",\"url\":\"https:\/\/golangbyexamples.com\/\",\"name\":\"Welcome To Golang By Example\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/golangbyexamples.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/golangbyexamples.com\/#\/schema\/person\/8833ea7638dafd763cb1db6c0ca4576f\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/golangbyexamples.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"url\":\"https:\/\/golangbyexamples.com\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HTTP Client\/Server with Basic Auth in Go (Golang) - Welcome To Golang By Example","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/","og_locale":"en_US","og_type":"article","og_title":"HTTP Client\/Server with Basic Auth in Go (Golang) - Welcome To Golang By Example","og_description":"Table of Contents OverviewHTTP Server Basic Auth ExampleHTTP Client Basic Auth Example Overview Basic auth is the simplest form of providing access controls for resources on web server.&nbsp; Basic Access Authentication is...","og_url":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/","og_site_name":"Welcome To Golang By Example","article_published_time":"2020-12-19T18:22:30+00:00","article_modified_time":"2020-12-20T07:15:27+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/","url":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/","name":"HTTP Client\/Server with Basic Auth in Go (Golang) - Welcome To Golang By Example","isPartOf":{"@id":"https:\/\/golangbyexamples.com\/#website"},"datePublished":"2020-12-19T18:22:30+00:00","dateModified":"2020-12-20T07:15:27+00:00","author":{"@id":"https:\/\/golangbyexamples.com\/#\/schema\/person\/8833ea7638dafd763cb1db6c0ca4576f"},"breadcrumb":{"@id":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/golangbyexamples.com\/http-basic-auth-golang\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/golangbyexamples.com\/http-basic-auth-golang\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/golangbyexamples.com\/"},{"@type":"ListItem","position":2,"name":"HTTP Client\/Server with Basic Auth in Go (Golang)"}]},{"@type":"WebSite","@id":"https:\/\/golangbyexamples.com\/#website","url":"https:\/\/golangbyexamples.com\/","name":"Welcome To Golang By Example","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/golangbyexamples.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/golangbyexamples.com\/#\/schema\/person\/8833ea7638dafd763cb1db6c0ca4576f","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/golangbyexamples.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"admin"},"url":"https:\/\/golangbyexamples.com\/author\/admin\/"}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paOs1b-1ey","amp_validity":null,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/posts\/4746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/comments?post=4746"}],"version-history":[{"count":4,"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/posts\/4746\/revisions"}],"predecessor-version":[{"id":4757,"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/posts\/4746\/revisions\/4757"}],"wp:attachment":[{"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/media?parent=4746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/categories?post=4746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/golangbyexamples.com\/wp-json\/wp\/v2\/tags?post=4746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}