https://niklan.net/blog/166
https://www.drupal.org/docs/8/core/modules/basic_auth/overview
Here is an example of a route that uses Basic Auth to authenticate users:
# core/modules/system/tests/modules/router_test_directory/router_test.routing.yml
module.router_test_11:
path: '/router_test/test11'
options:
_auth: [ 'basic_auth' ]
requirements:
_user_is_logged_in: 'TRUE'
defaults:
_content: '\Drupal\router_test\TestContent::test11'
In order to access to /router_test/test11, you have to fill the Authentication header with a valid Drupal user who has permissions to access to that page.
Note that Basic Auth is NOT a means of logging into a Drupal site in order to make service GET requests that depend on the identity of the logged-in user (e.g. a views REST display that uses an Authored By relationship to return content belonging to the logged-in user). It is cookie authentication that makes views Relationships possible. See Using other authentication protocols for more on how to login from a client application and get the session cookie.
