4

I implemented JWT tokens for API authorization. Every request that requires authorization is sent with a JWT token in the Authorization header, like this: `Authorization: Bearer <token>`. Everything about JWT tokens is clear to me except the login request.

I just want to use `Authorization: Basic <credentials>` for the login request. I suppose sending the username and password as plain text does not seem good, but I'm not sure.

Is it okay to use `Basic <credentials>` on the login request and then use `Bearer <token>` on other requests?

Boram Kim

1 Answer

0

Good morning. It is best practice to create a method and invoke it using a POST call. Pass the login credentials as an object to the POST method. The login method should return the JWT token. Once you receive the JWT token, from then onwards please use bearer XXXXXXXX.

Example:

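[AllowAnonymous]
[HttpPost]
public IActionResult CreateToken([FromBody]LoginModel login)
{
    // Default to 401 until the credentials have been verified.
    IActionResult response = Unauthorized();
    // Your logic to authenticate and generate the JWT token.
    return response;
}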
Viswanatha Swamy
  • Thank you for your answer. I already know that many examples use the method of sending login credentials using a `POST` call. I just wonder why you do not use `Basic` when you send login credentials. – Boram Kim Mar 02 '20 at 00:46
  • It might be a little risky to use Basic Authentication if a few security items are not considered. Refer to the answer at the link below. https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https – Viswanatha Swamy Mar 02 '20 at 02:09
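
The flow the question asks about (Basic on the login request, Bearer on every other request), as an added example that is not part of the original posts and is written in standard-library Python rather than the answer's C#. The key, salt, user store and function names are constructed for the illustration, and because Basic credentials are only base64-encoded the exchange is assumed to run over HTTPS.

```python
import base64, hashlib, hmac, json, time

KEY, SALT = b"constructed-demo-key", b"constructed-salt"  # assumptions: demo values
def pw_hash(pw): return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
USERS = {"alice": pw_hash("s3cret")}   # constructed user store

def b64url(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64url(txt): return base64.urlsafe_b64decode(txt + "=" * (-len(txt) % 4))
def sign(msg): return hmac.new(KEY, msg.encode(), hashlib.sha256).digest()

def parse_basic(header):
    """Return (user, password) from 'Basic <credentials>', else None."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:  # Basic is only base64(user:password): an encoding, not encryption
        user, sep, pw = base64.b64decode(value, validate=True).decode().partition(":")
    except ValueError:
        return None
    return (user, pw) if sep else None

def login(authorization, now=None):
    """Login request: verify Basic credentials and return a JWT, else None."""
    creds = parse_basic(authorization)
    if creds is None:
        return None
    user, pw = creds
    # Hash even for unknown users so both paths do the same work.
    if not hmac.compare_digest(pw_hash(pw), USERS.get(user, b"\0" * 32)):
        return None
    now = int(time.time()) if now is None else now
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": user, "exp": now + 900}).encode())
    return f"{head}.{body}.{b64url(sign(head + '.' + body))}"

def authorize(authorization, now=None):
    """Every other request: verify 'Bearer <token>', return subject or None."""
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    try:
        if not hmac.compare_digest(unb64url(parts[2]), sign(parts[0] + "." + parts[1])):
            return None
        claims = json.loads(unb64url(parts[1]))
    except ValueError:
        return None
    now = time.time() if now is None else now
    return claims["sub"] if claims.get("exp", 0) > now else None
```

The password crosses the wire once, at login; later requests carry only the signed, expiring token, which the server verifies without touching the user store.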