why wget does not use userName and password in URL first time
Below is the command and response of wget, It first time does not use provided userName and password and get 401, later it uses the auth and gets 200.
This works well with curl but same thing happens via Postman as well, what is this phenomena and why it happens?
$> wget 'http://userName:password@host:port/v1/api'
--2018-08-31 16:06:01-- http://userName:password@host:port
Connecting to host:port... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authentication selected: Basic realm="myApp", API-Key realm="myApp"
Reusing existing connection to host:port.
HTTP request sent, awaiting response... 200 OK
Length: 146 [application/json]
Saving to: 'api'
api 100%[==================================================================================================================>] 146 --.-KB/s in 0s
2018-08-31 16:06:01 (9.28 MB/s) - 'api' saved [146/146]
wget
and most other programs request a basic authentication challenge from the server side before sending the credentials.
This is wget
's default behavior since version 1.10.2.
You can change that behaviour using --auth-no-challenge
option:
If this option is given, Wget will send Basic HTTP authentication information (plaintext username and password) for all requests, just like Wget 1.10.2 and prior did by default.
Use of this option is not recommended, and is intended only to support some few obscure servers, which never send HTTP authentication challenges, but accept unsolicited auth info, say, in addition to form-based authentication.
This is the general default workflow for HTTP Authentication:
Read more about HTTP Authentication.