library to generate digest auth strings
npm install indigestion
Digest Authentication header generator. Takes the www-authenticate header response and returns the Digest... header as a string.
- In your project, install via npm install indigestion
- Import indigestion
``
import indigestion = require("indigestion");
- Pass in the appropriate information to the generateDigestAuth() function
`
const digest = indigestion.generateDigestAuth({
authenticateHeader: ,`
username: "username",
password: "password",
uri: "uri"
method: "method",
cnonce: "cnonce", //optional
nc: "nc", //optional
entityBody: "entityBody" //optional
})
- If cnonce is not provided, it will default to "".nc
- If (nonce count) is not provided, it will default to "00000000".nc
- If is provided, the returned nc will be the provided nc + 1 (in hexadecimal)qop=auth-int
- If using , entityBody is not optional
- If the nonce count is needed for subsequent calls, use the findNonceCount() function to easily parse the information
`
const nc = indigestion.findNonceCount();`
The above will return 1234ABCD.
- What is the purpose of this library?
- This library will return a digest authentication header. Simply pass in the required information, including the www-authenticate response header from the initial 401 response.axios-digest
- Why not use an existing Digest Authentication library?
- This library is for use cases not covered by existing libraries, such as , digest-fetch or node-digest-auth-client, where you want to control the request being sent and just need to be able to pass in the auth header.axios
- What would that look like? Using , something like this...
`
import axios = require("axios");
import indigestion = require("indigestion);
return new Promise((resolve, reject) => {
axios
.get("http://www.test.com/test")
.then(result => {
resolve(result);
})
.catch(error => {
if (error.response.status !== 401) reject(error);
else {
// If we get a 401 response, we know we have to generate a header.
// Pull the www-authenticate header from the response headers`
const authenticateHeader = error.response.headers["www-authenticate"];
// Pass in required information to indigestion, which returns the auth string
const authorization = indigestion.generateDigestAuth({
authenticateHeader,
username: "username",
password: "password",
uri: "/test"
method: "GET"
})
// Try the GET again, this time with the Authorization header specified.
axios
.get("http://www.test.com/test", { headers: {Authorization: authorization}})
.then(result => {
resolve(result);
})
.catch(error => {
reject(error);
})
}
});
});
- I found an issue with the library or have a suggestion to improve the library.
- Please raise an issue or suggestion on the github. Or, if you feel so inclined, create a PR to fix the problem or implement the suggestion.
- Why does this library require node v12.0.0 or above?
- The String.prototype.matchAll() functionality used requires node v12.0.0 and above.
- I've only been able to do extensive testing with real devices for the case where:
- qop=auth
- is insignificant and NOT provided by the www-authenticate headercnonce
- is insignificant and NOT provided by the www-authenticate headeralgorithm
- is not specified in www-authenticate header, so md5 is defaultedqop=auth-int
- This means I've been unable to test:
- or qop is not provided by www-authenticate headeropaque
- is significant and provided by www-authenticate headercnonce
- is signficant and provided by www-authenticate headeralgorithm
- is specified as md5 or md5-sess`