Auth Lab

Authentication Lab

Practice different authentication patterns used in real-world APIs

Security Mode

Secure Mode (HttpOnly Cookie)

SecureInsecure

Secure Mode Active

Token stored in an HttpOnly cookie. Not accessible via JavaScript — document.cookie cannot read it. Protected from XSS attacks since scripts cannot extract the token.

Basic Auth

HTTP Basic Authentication with base64 encoded credentials

Authorization: Basic base64(user:pass)

Username

Password

Generated Header:

Authorization: Basic YWRtaW46YWRtaW4xMjM=

Available users: admin/admin123, user/user123, readonly/readonly123

Response

Send a request to see the response

API Documentation

Basic Auth

GET /api/auth/basicPOST /api/auth/basic

Bearer Token

POST /api/auth/bearer (get token)GET /api/auth/bearer (verify)

API Key

GET /api/auth/apikeyPOST /api/auth/apikeyDELETE /api/auth/apikey

OAuth 2.0

GET /api/auth/oauth/authorizePOST /api/auth/oauth/tokenGET /api/auth/oauth/userinfo

Session

GET /api/auth/session (csrf/status)POST /api/auth/session (login)DELETE /api/auth/session (logout)

MFA/TOTP

GET /api/auth/mfa (get code)POST /api/auth/mfa (login)PUT /api/auth/mfa (setup)