Digest authentication

Technical support and scripting issues

Moderators: Dorian (MJT support), JRL

Post Reply
rullbandspelare
Pro Scripter
Posts: 137
Joined: Tue Mar 23, 2004 9:11 pm

Digest authentication

Post by rullbandspelare » Tue Sep 18, 2018 10:34 am

Can I do Digest authentication with HTTPRequest> ?
I know Basic authentication is just http://user:pass@host.
But how to do Digest authentication?


Thanks!

User avatar
Marcus Tettmar
Site Admin
Posts: 7057
Joined: Thu Sep 19, 2002 3:00 pm
Location: Dorset, UK
Contact:

Re: Digest authentication

Post by Marcus Tettmar » Tue Sep 18, 2018 10:04 pm

If by digest authentication, you mean creating a hash of some parameters, maybe hashing the method and URL as well then, yes, of course. With HTTP you can GET or POST any values. Macro Scheduler has MD5 and SHA256 hashing methods built in as well.
Marcus Tettmar
http://mjtnet.com/blog/ | http://twitter.com/marcustettmar

Did you know we are now offering affordable monthly subscriptions for Macro Scheduler Standard?

rullbandspelare
Pro Scripter
Posts: 137
Joined: Tue Mar 23, 2004 9:11 pm

Re: Digest authentication

Post by rullbandspelare » Wed Sep 19, 2018 2:40 pm

Ok. I take it that digest authentication is not built in to the HTTPRequest command.
Digest authentication is a standardized way to HTTP authenticate and is different from basic authentication in that it is a challenge response. BAsig is just user and password in plain text (base64) .

I am not sure on how to do this. It requires to read and write to the http header

User avatar
Marcus Tettmar
Site Admin
Posts: 7057
Joined: Thu Sep 19, 2002 3:00 pm
Location: Dorset, UK
Contact:

Re: Digest authentication

Post by Marcus Tettmar » Wed Sep 19, 2018 3:43 pm

Digest authentication is not something built into http. Therefore it's not something built into httprequest. Digest authentication implies hashing credentials and other stuff together, to make a one way hash which can only be verified by people knowing the things it was hashed with. Whether it is also used with HTTPRequest or not.

Look at the MD5 and SHA256 functions, as well as Base64.
Marcus Tettmar
http://mjtnet.com/blog/ | http://twitter.com/marcustettmar

Did you know we are now offering affordable monthly subscriptions for Macro Scheduler Standard?

rullbandspelare
Pro Scripter
Posts: 137
Joined: Tue Mar 23, 2004 9:11 pm

Re: Digest authentication

Post by rullbandspelare » Sun Mar 03, 2019 9:22 am

A litle request :-)
Have been looking for a solution for this. And I can not make it happen in Machro Scheduler.

Digest Authentication is something that is built in to a webbrowser client and is the way to authenticating without sending user/pass in clear text (base64) without TLS.

So, a welcome functionality to the HTTPRequest client would be this.

Thanks!

User avatar
Marcus Tettmar
Site Admin
Posts: 7057
Joined: Thu Sep 19, 2002 3:00 pm
Location: Dorset, UK
Contact:

Re: Digest authentication

Post by Marcus Tettmar » Wed Mar 06, 2019 9:14 pm

Usually the digest is sent in a header. You can do that with HTTPRequest. You can set custom headers with the HTTP_CUSTOM_HEADERS variable. See help file or here.

E.g.:

Let>HTTP_CUSTOM_HEADERS=Authorization: bearer SECRET_PASSWORD%CRLF%Accept: application/json

If you need to hash/sha256/base64 the value to make a digest/token, then you can do that too. Macro Scheduler has SH256 and BASE64 functions.

Hard to help further without seeing the actual specifications of the Endpoint you are trying to consume.
Marcus Tettmar
http://mjtnet.com/blog/ | http://twitter.com/marcustettmar

Did you know we are now offering affordable monthly subscriptions for Macro Scheduler Standard?

Post Reply