What is Digest Authentication
Step 1. Initialize the workflow
- muteHttpExceptions is (I think undocumented) option that prevents urlfetch from crashing out and returning a null response
- this.danceStep1 WWW-Authenticate header looks like this, and a 401 status code is returned. What we need from this to construct the next request is the nonce, qop, and realm from the WWW-Authenticate header. Other implementations also return a few other things like encoding algorithm, domain and the opaque value.
- It’s quite fiddly to parse the header- for some fields there are quotes – for others there are not. I wont go into the details of that here, but the parsing code is included in the code implementation.
Step 2 – construct the digest