Thanks to [Pat Thoyts] for this example of use of [http] authentication:

      package require base64 ;# tcllib
      package require http   ;# tcl

      proc buildProxyHeaders {username password} {
         return [list "Proxy-Authorization" \
              [concat "Basic" [base64::encode $username:$password]]]
      }

      proc fetch {url} {
         set tok [http::geturl $url -headers [buildProxyHeaders]]
         ...
      }

Pat mentions that [TkChat] uses just such an approach.

[D. J. Hagberg] styles much the same as

      proc geturl_auth {url username password} {
          set auth "Basic [base64::encode $username:$password]"
          set headerl [list Authorization $auth]
          set tok [http::geturl $url -headers $headerl]
          set res [http::data $tok]
          http::cleanup $tok
          set res
      }

Notice the distinct uses of "Authorization" and "Proxy-Authorization", about which [PT] writes: "Proxy-Authorization is used by HTTP [proxy] servers to decide if they are going to forward your request. This is typically used by corporate networks to provide accountability for web access. The Authorization header is used to authenticate you to the endpoint server. The Proxy-Authorization will never leave your local network - the Authorization header is passed all the way along to the final host."