Auth & Security Comparison

Feature	VS Code	JetBrains	httpyac	VS 2022	kulala
Basic authentication (auto Base64 encoding) VS 2022 does not document automatic Base64 encoding for Basic auth.	✓	✓	✓	✗	✓
Digest authentication	✓	✓	✓	✗	✓
AWS Signature v4	✓	✗	✓	✗	✓
AWS Cognito Unique to VS Code REST Client.	✓	✗	✗	✗	✗
OAuth 2.0 / OpenID Connect VS Code: Azure AD tokens. JetBrains: IDE dialogs. httpyac: full grant type support.	◐	◐	✓	✗	✓
NTLM/Kerberos JetBrains: @use-os-credentials.	✗	✓	✗	✗	✓
SSL client certificates Each uses different config format. See SSL & Certificates spec.	✓	✓	✓	✗	✗
@no-redirect VS 2022 does not document metadata tags beyond @name.	✓	✓	✓	✗	✓
@no-cookie-jar VS 2022 does not document metadata tags beyond @name.	✓	✓	✓	✗	✓

Authentication methods by portability

Universal Supported identically by all major implementations.

Basic authentication with automatic Base64 encoding works everywhere.

Widely Supported Supported by 3+ implementations, possibly with syntax variations.

Digest authentication is supported by VS Code REST Client, JetBrains, httpyac, and kulala.nvim.

Limited Support Supported by 2 implementations.

AWS Signature v4 is supported by VS Code REST Client, httpyac, and kulala.nvim. Not available in JetBrains or VS 2022.

Implementation-Specific Unique to a single implementation. Not portable.

OAuth2 full grant support is only available in httpyac. Other clients offer partial OAuth support through different mechanisms (Azure AD tokens in VS Code, IDE dialogs in JetBrains).

SSL client certificates

Every client that supports SSL certificates uses a different configuration format:

• VS Code REST Client: settings.json under rest-client.certificates
• JetBrains: http-client.private.env.json under SSLConfiguration
• httpyac: httpyac.config.js under clientCertificates

See Section 16: SSL & Certificates for full details.

Cookie handling

All clients handle cookies automatically. The @no-cookie-jar metadata tag is universal for disabling per-request cookie storage.