Titanium Community Questions & Answer Archive

We felt that 6+ years of knowledge should not die so this is the Titanium Community Questions & Answer Archive

Restful HTTPClient open Digest Auth

Hi everyone developing with Titanium Dev.

Im building an App that uses a Web Service API to get the info from the servers. Well… it uses Digest auth for every request.

Is there any way to auth with Digest?

Thanks

— asked June 4th 2010 by Sergio Behrends
  • auth
  • desktop
  • digest
  • http
  • httpclient
3 Comments
  • same here, anyone knows how to do it?

    — commented July 1st 2011 by Alberto Marcone
  • I also have that same problem and after trying 3 days not found solution…

    If anyone knows, ?? then please help.

    Thank u !

    — commented March 29th 2012 by Sarafaraz Babi
  • I'm having the same problem.

    I know there's a function for basic authentication you can use in a webview:

    setBasicAuthentication(username,password)

    or put:

    xhr.setRequestHeader(
        'Authorization', 
        'Basic ' + Ti.Utils.base64encode(username+':'+password));
    

    after xhr.open(); en before xhr.send();

    But that doesn't solve the DIGEST auth problem.

    There are, however, a lot of other related solution requests

    http://developer.appcelerator.com/question/117883/digest-authorization-to-restful-web-service (421 views)
    http://developer.appcelerator.com/question/121999/httpclient—set-a-proxy-with-a-digest-auth (740 views)
    http://developer.appcelerator.com/question/122074/digest-authentication (507 views)
    http://developer.appcelerator.com/question/134584/digest-authentication-with-requestheader (176 views)

    And even an (unresolved) feature request
    https://jira.appcelerator.org/browse/TIMOB-2217

    Because none of these really helped me, I tried to write the digest authentication myself, but without any success so far. ( http://jan-bart.be/archives/digest-acces-authentication-in-titanium/ )

    So, I think this is a round-up, now it would be nice if it just worked someday

    — commented May 16th 2012 by J-B V

1 Answer

  • This actually works as intended. Hopefully someone will find this useful.

    var username = 'user123';
    var password = 'pass123';
    xhr.setRequestHeader(
        'Authorization', 
        'Basic ' + Ti.Utils.base64encode(username+':'+password));
    

    I've implemented the digest authentication in PHP, so this is how the server side looks like:

    <?php
    
    // Mini Config
    $api_user = 'user123';
    $api_pass = 'pass233';
    $api_login_user = '';
    $api_login_pass = '';
    
    // Parse Auth Details From Http Request Header
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        $api_login_user = $_SERVER['PHP_AUTH_USER'];
        $api_login_pass = $_SERVER['PHP_AUTH_PW'];
    } else if (isset($_SERVER['HTTP_AUTHENTICATION'])) {
        if (strpos(strtolower($_SERVER['HTTP_AUTHENTICATION']), 'basic') === 0) {
            list($api_login_user, $api_login_pass) = 
                explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
        }
    }
    
    // Check If Auth Details Are Available
    if (empty($api_login_user) || empty($api_login_pass))
    {
        // Init Login Process
        header('WWW-Authenticate: Basic realm="Login Required"');
        header('HTTP/1.0 401 Unauthorized');
        exit('Login Required');
    }
    else
    {
        // Proceed If Logged In
        if ($api_login_user == $api_user && $api_login_pass == $api_pass)
        {
            // Logged In
            exit('Hello, you are logged in!');
        }
        else
        {
            // Login Error
            exit('Invalid Login Credentials.');
        }
    }
    
    ?>
    
    — answered August 21st 2013 by Latheesan Kanesamoorthy
    permalink
    0 Comments
The ownership of individual contributions to this community generated content is retained by the authors of their contributions.
All trademarks remain the property of the respective owner.