Node-RED nodes for HTTP Digest Authentication (RFC 7616)
npm install @aaqu/node-red-digest-authNode-RED nodes for HTTP Digest Authentication (RFC 7616).
``bash`
npm install @aaqu/node-red-digest-auth
Or install via the Node-RED Palette Manager.
`bash`
cd ~/.node-red
npm install /path/to/node-red-digest-auth
Middleware node that processes 401 responses and generates Digest Authorization headers.
Inputs:
- msg.statusCode - Should be 401msg.headers['www-authenticate']
- - Digest challenge from server (response headers)msg.url
- - Request URLmsg.method
- - HTTP method (optional, default: GET)msg.authHeaders
- - Custom request headers to preserve (optional)msg.payload
- - Request body for POST/PUT (optional)
Outputs:
- msg.url - Original request URLmsg.method
- - HTTP methodmsg.headers
- - Object with authHeaders + Authorization headermsg.payload
- - Preserved from input (if present)
Configuration node for storing username and password securely.
| Algorithm | Status |
|-----------|--------|
| SHA-256 | Recommended |
| SHA-256-sess | Supported |
| SHA-512-256 | Supported |
| SHA-512-256-sess | Supported |
| MD5 | Legacy (not recommended) |
| MD5-sess | Legacy |
`
[inject] → [http request] → [switch: 401?] → [digest-auth] → [http request] → [debug]
↓
[debug] (other status)
1. Inject - Triggers the request with URL
2. HTTP Request - Sends initial unauthenticated request
3. Switch - Checks if response is 401
4. digest-auth - Generates Authorization header from WWW-Authenticate
5. HTTP Request - Retries with authentication
6. Debug - Shows the result
Go to Menu → Import → Examples → @aaqu/node-red-digest-auth to import a ready-to-use example flow.
| Property | Description |
|----------|-------------|
| Credentials | Reference to digest-auth-credentials config node |
| Algorithm | Preferred algorithm (SHA-256 recommended) |
| QoP | Quality of Protection: auth or auth-int |
| Property | Description |
|----------|-------------|
| Name | Optional display name |
| Username | Authentication username |
| Password | Authentication password (stored securely) |
To send custom headers (like Content-Type, X-API-Key, etc.) with your authenticated request:
1. Set msg.authHeaders in your inject or function node:`
javascript`
msg.authHeaders = {
"Content-Type": "application/json",
"X-Custom-Header": "value"
};
2. Configure your first HTTP Request node to use msg.authHeaders for outgoing headers
3. After digest-auth processes the 401 response, msg.headers will contain:msg.authHeaders
- All headers from
- The generated header
4. The second HTTP Request node uses msg.headers by default
`javascript
const { calculateDigestResponse, generateCnonce } = require('@aaqu/node-red-digest-auth/lib/crypto');
const response = calculateDigestResponse({
algorithm: 'SHA-256',
username: 'user',
realm: 'example.org',
password: 'secret',
method: 'GET',
uri: '/path',
nonce: 'server-nonce',
nc: '00000001',
cnonce: generateCnonce(),
qop: 'auth'
});
`
`javascript
const { parseWWWAuthenticate } = require('@aaqu/node-red-digest-auth/lib/parser');
const challenge = parseWWWAuthenticate('Digest realm="test", nonce="abc123", qop="auth"');
// { realm: 'test', nonce: 'abc123', qop: ['auth'], algorithm: 'MD5' }
`
`javascript
const { formatAuthorizationHeader } = require('@aaqu/node-red-digest-auth/lib/formatter');
const header = formatAuthorizationHeader({
username: 'user',
realm: 'example.org',
nonce: 'server-nonce',
uri: '/path',
algorithm: 'SHA-256',
nc: '00000001',
cnonce: 'client-nonce',
qop: 'auth',
response: 'calculated-hash'
});
// 'Digest username="user", realm="example.org", ...'
`
- Use SHA-256 - MD5 is deprecated and should only be used for legacy systems
- Always use TLS - Digest Auth does not protect against MITM attacks
- Credentials are stored securely - Not exported with flows
- RFC 7616 - HTTP Digest Access Authentication
- RFC 7235 - HTTP Authentication
, method, headers, and payload
- Added support for custom headers preservation
- Custom headers from msg.authHeaders are merged with Authorization in output msg.headers
- Removed MIT