On Tue, Sep 16, 2025 at 7:32 AM Bastian Jesuiter via curl-users <[email protected]> wrote:
>
> I am regularly using bearer tokens to access multiple APIs instead of basic
> auth.
>
> The netrc file only seems to support basic auth.
> Would it be possible (for curl) to parse the "password" field as "Bearer"
> token, either implicitly or explicitly (by adding the bearer at the beginning
> of the password field), when the login field is missing?
>
> Alternatively are there RFCs for the dotnetrc file where the parsing rules
> are defined?
> Or is this more of a silent agreement for the format?
>
> A lot of services are transitioning away from basic auth.

I don't know if there's an RFC covering the netrc file. I suspect not based on a quick search of IETF documents.

Related to your question... Most (all?) IETF protocols that were designed to use basic auth schemes, like email, will not receive an update to handle a second factor, like OTP codes or TOTP and HOTP codes. Instead, SASL is used to provide the additional authentication factor. See RFC 4422, Simple Authentication and Security Layer (SASL), <https://datatracker.ietf.org/doc/html/rfc4422>.

And SASL would explain why many email services still only use a username and password. There's nothing "simple" about SASL.

Jeff
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette: https://curl.se/mail/etiquette.html
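
The convention proposed in the question, sketched as an added example (it is not part of the thread and not curl's behavior): a netrc entry that has a password but no login field is sent as a Bearer token, anything else as Basic. Host names and secrets are constructed, the function names are hypothetical, and quoted values and `macdef` are not handled.

```python
import base64

# Constructed sample file; hosts and secrets are placeholders.
SAMPLE_NETRC = """\
# constructed example, not a real credential file
machine api.example.com password tok_constructed_123
machine legacy.example.com login alice password s3cret
"""

FIELDS = {"login", "password", "account"}


def parse_netrc(text):
    """Return {machine: {field: value}}; the 'default' entry is keyed by None."""
    tokens = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # whole-line comments only
            continue
        tokens.extend(line.split())
    entries, current, i = {}, None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "default":
            current = entries.setdefault(None, {})
            i += 1
        elif tok == "machine" and i + 1 < len(tokens):
            current = entries.setdefault(tokens[i + 1], {})
            i += 2
        elif tok in FIELDS and current is not None and i + 1 < len(tokens):
            current[tok] = tokens[i + 1]
            i += 2
        else:
            # Report the position only: the token itself may be a secret.
            raise ValueError(f"unexpected netrc token at index {i}")
    return entries


def authorization_header(entries, host):
    """Assumed rule from the question: no login field means Bearer."""
    entry = entries.get(host, entries.get(None))
    if entry is None or "password" not in entry:
        return None  # nothing usable: send no Authorization header
    if "login" in entry:
        raw = f"{entry['login']}:{entry['password']}".encode()
        return "Basic " + base64.b64encode(raw).decode()
    return "Bearer " + entry["password"]


if __name__ == "__main__":
    parsed = parse_netrc(SAMPLE_NETRC)
    for h in ("api.example.com", "legacy.example.com", "other.example.com"):
        print(h, "->", authorization_header(parsed, h))
```

The implicit form means a login line dropped by mistake silently changes the scheme sent to the server, which is the trade-off against the explicit "Bearer" prefix variant the question also mentions.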
