tessl/maven-io-ktor--ktor-client-auth-js
Ktor client authentication and authorization plugin for JavaScript platforms supporting Basic, Digest, and Bearer token authentication with automatic token refresh
—
Pending
digest-authentication.mddocs/
Digest Authentication
HTTP Digest authentication provider supporting MD5 and other hash algorithms with automatic nonce handling, client nonce generation, and response digest validation for more secure username/password authentication compared to Basic auth.
Capabilities
Digest Authentication Provider Installation
Install the Digest authentication provider with configuration for algorithm and credential management.
/**
* Installs the client's DigestAuthProvider
* @param block Configuration block for Digest authentication
*/
fun AuthConfig.digest(block: DigestAuthConfig.() -> Unit)Usage Example:
import io.ktor.client.*
import io.ktor.client.plugins.auth.*
import io.ktor.client.plugins.auth.providers.*
val client = HttpClient {
Auth {
digest {
credentials {
DigestAuthCredentials("username", "password")
}
algorithmName = "MD5"
realm = "ProtectedRealm"
}
}
}Digest Authentication Configuration
Configuration class for DigestAuthProvider with algorithm selection, credential management, and realm specification.
/**
* Configuration for DigestAuthProvider
*/
class DigestAuthConfig {
/**
* Digest algorithm name (default: "MD5")
* Supports MD5 and other cryptographic hash algorithms
*/
var algorithmName: String
/**
* Optional realm specification for Digest authentication
*/
var realm: String?
/**
* Configures authentication credentials provider
* @param block Suspend function that returns Digest credentials or null
*/
fun credentials(block: suspend () -> DigestAuthCredentials?)
}Usage Examples:
digest {
// Static credentials with MD5 algorithm
credentials {
DigestAuthCredentials("alice", "secretpassword")
}
algorithmName = "MD5"
realm = "AdminArea"
}
// Advanced configuration with dynamic credentials
digest {
credentials {
val userCredentials = getCurrentUserCredentials()
if (userCredentials != null) {
DigestAuthCredentials(userCredentials.username, userCredentials.password)
} else null
}
// Use SHA-256 algorithm if supported by server
algorithmName = "SHA-256"
// Match specific realm
realm = "api.example.com"
}Digest Authentication Credentials
Container class for Digest authentication credentials.
/**
* Contains credentials for DigestAuthProvider
* @param username Username for Digest authentication
* @param password Password for Digest authentication (used to generate digest)
*/
class DigestAuthCredentials(
val username: String,
val password: String
)Digest Authentication Provider
Authentication provider implementation for the HTTP Digest authentication scheme with automatic nonce handling and digest calculation.
/**
* Authentication provider for the Digest HTTP authentication scheme
* Digest authentication is a more secure alternative to Basic authentication
* that avoids sending passwords in plain text by using cryptographic hashes
*/
class DigestAuthProvider(
private val credentials: suspend () -> DigestAuthCredentials?,
private val realm: String? = null,
private val algorithmName: String = "MD5"
) : AuthProvider {
// Note: clearToken() method is available but marked as @InternalAPI
override fun sendWithoutRequest(request: HttpRequestBuilder): Boolean
override fun isApplicable(auth: HttpAuthHeader): Boolean
override suspend fun addRequestHeaders(request: HttpRequestBuilder, authHeader: HttpAuthHeader?)
override suspend fun refreshToken(response: HttpResponse): Boolean
}Usage Examples:
import io.ktor.client.*
import io.ktor.client.plugins.auth.*
import io.ktor.client.plugins.auth.providers.*
// Basic Digest authentication setup
val client = HttpClient {
Auth {
digest {
credentials {
DigestAuthCredentials("user", "password")
}
}
}
}
// Advanced Digest authentication with custom algorithm
val secureClient = HttpClient {
Auth {
digest {
credentials {
// Load from secure credential store
loadDigestCredentialsFromVault()
}
algorithmName = "SHA-256"
realm = "secure-api"
}
}
}
// Multiple authentication methods
val multiAuthClient = HttpClient {
Auth {
// Digest for secure endpoints
digest {
credentials {
DigestAuthCredentials("admin", "secure-password")
}
realm = "admin"
}
// Basic for legacy endpoints
basic {
credentials {
BasicAuthCredentials("user", "simple-password")
}
realm = "public"
}
}
}
// Note: clearToken() is available as internal API for clearing cached credentialsAuthentication Flow
- Initial Request: Server responds with 401 Unauthorized containing WWW-Authenticate header with Digest challenge
- Challenge Processing: Provider extracts nonce, realm, qop, and other parameters from challenge
- Algorithm Validation: Provider verifies that server's algorithm matches configured algorithm
- Realm Matching: Provider validates realm from challenge matches configured realm (if specified)
- Digest Calculation: Provider calculates digest using:
- Username and password from credentials
- HTTP method and request URI
- Server nonce and optional client nonce
- Configured algorithm (MD5, SHA-256, etc.)
- Authorization Header: Provider constructs Authorization header with calculated digest
- Request Retry: Request is retried with Digest authorization header
- Token Caching: Successful authentication results are cached for subsequent requests to same realm
Digest Algorithm Support
The DigestAuthProvider supports multiple cryptographic algorithms:
- MD5 (default): Most widely supported, suitable for most use cases
- SHA-256: More secure alternative, requires server support
- Other algorithms: As supported by the Kotlin cryptographic libraries
The algorithm is negotiated based on the server's WWW-Authenticate challenge and the configured algorithmName setting.
Install with Tessl CLI
npx tessl i tessl/maven-io-ktor--ktor-client-auth-js