Digest authentication?

[ZanderBrown]

'basic' is already implemented, would be useful to have 'digest' as well

[IslandUsurper]

This would be difficult for reqwest to do, since it involves making two requests to the server. You need to do a HEAD request to get a "nonce" and "opaque" value from the server, use the nonce in the digest, and pass the "opaque" value back with the real request as well. I doubt as a library that reqwest should make "extra" requests for you. Also, you need to depend on md5 most likely (as that's the default digest algorithm).

[0xmad]

I found this crate https://crates.io/crates/digest-headers, but it's not supported long time. Maybe it will be useful for implementing this feature or for workaround. So It would be great if it were implemented for reqwest.

[valmirjunior0088]

Any updates on this?

[dave-andersen]

I third the request for this, but for others, the way I'm implementing it now is using:

https://docs.rs/digest_auth/0.2.3/digest_auth/

Code snippet:

use digest_auth::AuthContext;
...
    // Step 1:  Get the auth header
   // client in this case is a reqwest::blocking client;  add .awaits as needed
    let res = client.get(url).send()?;
    let headers = res.headers();
    let wwwauth = headers["www-authenticate"].to_str()?;

    // Step 2:  Given the auth header, sign the digest for the real req.
    let parsed_uri = url.parse::<http::Uri>()?;
    let context = AuthContext::new(USERNAME_GOES_HERE, PASSWORD_GOES_HERE, parsed_uri.path());
    let mut prompt = digest_auth::parse(wwwauth)?;
    let answer = prompt.respond(&context)?.to_header_string();
    client.get(url).header("Authorization", answer).send()?

I'm probably holding it wrong in several places but this works.

[maoertel]

I wrote diqwest for that: https://github.com/maoertel/diqwest.

It abstracts everything away and you can use it with async and blocking reqwest.