diff --git a/core/modules/rest/config/rest.settings.yml b/core/modules/rest/config/rest.settings.yml
index 2780a6d..91c9a7b 100644
--- a/core/modules/rest/config/rest.settings.yml
+++ b/core/modules/rest/config/rest.settings.yml
@@ -14,3 +14,13 @@ resources:
 #       GET:
 #         supported_formats:
 #           - json
+#
+# To enable only specific authentication methods for an operation, list them
+# at supported_auth.
+# For example, the following config only allows Basic HTTP authenticated
+# requests for the POST method on the node entity.
+#   resources:
+#     entity:node:
+#       POST:
+#         supported_auth:
+#           - http_basic
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/AuthTest.php b/core/modules/rest/lib/Drupal/rest/Tests/AuthTest.php
index df91419..c509027 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/AuthTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/AuthTest.php
@@ -10,7 +10,7 @@
 use Drupal\rest\Tests\RESTTestBase;
 
 /**
- * Tests authenticated operations on test entities, nodes and users.
+ * Tests authenticated operations on test entities.
  */
 class AuthTest extends RESTTestBase {
 
@@ -21,6 +21,9 @@ class AuthTest extends RESTTestBase {
    */
   public static $modules = array('hal', 'rest', 'entity_test');
 
+  /**
+   * {@inheritdoc}
+   */
   public static function getInfo() {
     return array(
       'name' => 'Resource authentication',
@@ -59,6 +62,7 @@ public function testRead() {
     // not enabled and should not work.
     $response = $this->httpRequest('entity/' . $entity_type . '/' . $entity->id(), 'GET', NULL, $this->defaultMimeType);
     $this->assertResponse('403', 'HTTP response code is 403 when the request is not authenticated.');
+    $this->drupalLogout();
 
     // Now read it with the Basic authentication which is enabled and should
     // work.