Digest authentication
In the Digest authentication scheme, a hash function is applied to a username and password before sending them over the network.
Digest authentication flow
The digest authentication flow looks as follows:
A client makes a request without the
Authorization
header to a specific resource in a server application.A server responds to a client with a
401
(Unauthorized) response status and uses aWWW-Authenticate
response header to provide information that the digest authentication scheme is used to protect a route. A typicalWWW-Authenticate
header looks like this:WWW-Authenticate: Digest realm="Access to the '/' path", nonce="e4549c0548886bc2", algorithm="MD5"Usually, a client displays a login dialog where a user can enter credentials. Then, a client makes a request with the following
Authorization
header:Authorization: Digest username="jetbrains", realm="Access to the '/' path", nonce="e4549c0548886bc2", uri="/", algorithm=MD5, response="6299988bb4f05c0d8ad44295873858cf"The
response
value is generated in the following way:a.
HA1 = MD5(username:realm:password)
b.
HA2 = MD5(method:digestURI)
c.
response = MD5(HA1:nonce:HA2)
A server validates credentials sent by the client and responds with the requested content.
Configure digest authentication
To send user credentials in the Authorization
header using the Digest
scheme, you need to configure the digest
authentication provider as follows:
Call the digest function inside the
install
block.Provide the required credentials using DigestAuthCredentials and pass this object to the credentials function.
Optionally, configure the realm using the
realm
property.