microsoft / rest-api-fuzz-testing

REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows
MIT License

How to deal with basic authentication #196

Closed LYDE1234 closed 3 years ago

LYDE1234 commented 3 years ago

Can RAFT be configured to use basic authentication (user/pass)?

stishkin commented 3 years ago

@LYDE1234 Is this Dredd specific?

Since authentication is on a per-tool basis (and we managed to abstract an auth header that works with all tools). For basic authentication, RESTler, for example, does not support basic authentication.

LYDE1234 commented 3 years ago

Not Dredd specific. Our API currently only supports basic authentication. Sounds like our best option would be to disable authentication for now - the production version will use OAuth and that you do support. Thanks.