Skip to content
.http files

Authentication

Basic authentication

Section titled “Basic authentication”

All major implementations support automatic Base64 encoding for Basic auth:

GET https://api.example.com/protected
Authorization: Basic username password
VS CodeJetBrainshttpyackulala

VS 2022 does not document automatic Base64 encoding for Basic auth.

VS Code REST Client also accepts username:password (colon-separated) or pre-encoded Base64 values.

Digest authentication

Section titled “Digest authentication”
GET https://api.example.com/protected
Authorization: Digest username password
VS CodeJetBrainshttpyac

The client handles the challenge-response flow automatically.

AWS Signature v4

Section titled “AWS Signature v4”
GET https://service.amazonaws.com/resource
Authorization: AWS accessKeyId secretAccessKey token:sessionToken region:us-east-1 service:s3
VS Codehttpyackulala

JetBrains does not have built-in AWS auth.

AWS Cognito

Section titled “AWS Cognito”
VS Code 
GET https://api.example.com/protected
Authorization: COGNITO username password region userPoolId clientId

Unique to VS Code REST Client.

OAuth 2.0 / OpenID Connect

Section titled “OAuth 2.0 / OpenID Connect”

httpyac has the most comprehensive OAuth2 support with multiple grant types:

GET https://api.example.com/protected
Authorization: openid client_credentials myPrefix

Supported flows: authorization_code (with optional PKCE), implicit, password, client_credentials, device_code, and token exchange. Variables configure endpoints: {{prefix}}_tokenEndpoint, {{prefix}}_clientId, etc.

VS Code REST Client supports Azure AD tokens via {{$aadToken}}, {{$aadV2Token}}, and generic OIDC via {{$oidcAccessToken}}.

JetBrains supports OAuth 2.0 through IDE-integrated dialogs rather than in-file syntax.

kulala.nvim supports OAuth2, Negotiate, and SSL auth.

NTLM/Kerberos

Section titled “NTLM/Kerberos”
JetBrainskulala

JetBrains uses @use-os-credentials metadata to use OS-level credentials.

Client certificates

Section titled “Client certificates”

See Section 16: SSL & Certificates for SSL/certificate configuration details.

Feature VS CodeJetBrainshttpyacVS 2022kulala
Basic authentication (auto Base64 encoding) VS 2022 does not document automatic Base64 encoding for Basic auth.
Digest authentication
AWS Signature v4
AWS Cognito Unique to VS Code REST Client.
OAuth 2.0 / OpenID Connect VS Code: Azure AD tokens. JetBrains: IDE dialogs. httpyac: full grant type support.
NTLM/Kerberos JetBrains: @use-os-credentials.
SSL client certificates Each uses different config format. See SSL & Certificates spec.
@no-redirect VS 2022 does not document metadata tags beyond @name.
@no-cookie-jar VS 2022 does not document metadata tags beyond @name.