Titanium Community Questions & Answer Archive

We felt that 6+ years of knowledge should not die so this is the Titanium Community Questions & Answer Archive

Restful HTTPClient open Digest Auth

Hi everyone developing with Titanium Dev.

Im building an App that uses a Web Service API to get the info from the servers. Well… it uses Digest auth for every request.

Is there any way to auth with Digest?


— asked June 4th 2010 by Sergio Behrends
  • auth
  • desktop
  • digest
  • http
  • httpclient
  • same here, anyone knows how to do it?

    — commented July 1st 2011 by Alberto Marcone
  • I also have that same problem and after trying 3 days not found solution…

    If anyone knows, ?? then please help.

    Thank u !

    — commented March 29th 2012 by Sarafaraz Babi
  • I'm having the same problem.

    I know there's a function for basic authentication you can use in a webview:


    or put:

        'Basic ' + Ti.Utils.base64encode(username+':'+password));

    after xhr.open(); en before xhr.send();

    But that doesn't solve the DIGEST auth problem.

    There are, however, a lot of other related solution requests

    http://developer.appcelerator.com/question/117883/digest-authorization-to-restful-web-service (421 views)
    http://developer.appcelerator.com/question/121999/httpclient—set-a-proxy-with-a-digest-auth (740 views)
    http://developer.appcelerator.com/question/122074/digest-authentication (507 views)
    http://developer.appcelerator.com/question/134584/digest-authentication-with-requestheader (176 views)

    And even an (unresolved) feature request

    Because none of these really helped me, I tried to write the digest authentication myself, but without any success so far. ( http://jan-bart.be/archives/digest-acces-authentication-in-titanium/ )

    So, I think this is a round-up, now it would be nice if it just worked someday

    — commented May 16th 2012 by J-B V

1 Answer

  • This actually works as intended. Hopefully someone will find this useful.

    var username = 'user123';
    var password = 'pass123';
        'Basic ' + Ti.Utils.base64encode(username+':'+password));

    I've implemented the digest authentication in PHP, so this is how the server side looks like:

    // Mini Config
    $api_user = 'user123';
    $api_pass = 'pass233';
    $api_login_user = '';
    $api_login_pass = '';
    // Parse Auth Details From Http Request Header
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        $api_login_user = $_SERVER['PHP_AUTH_USER'];
        $api_login_pass = $_SERVER['PHP_AUTH_PW'];
    } else if (isset($_SERVER['HTTP_AUTHENTICATION'])) {
        if (strpos(strtolower($_SERVER['HTTP_AUTHENTICATION']), 'basic') === 0) {
            list($api_login_user, $api_login_pass) = 
                explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
    // Check If Auth Details Are Available
    if (empty($api_login_user) || empty($api_login_pass))
        // Init Login Process
        header('WWW-Authenticate: Basic realm="Login Required"');
        header('HTTP/1.0 401 Unauthorized');
        exit('Login Required');
        // Proceed If Logged In
        if ($api_login_user == $api_user && $api_login_pass == $api_pass)
            // Logged In
            exit('Hello, you are logged in!');
            // Login Error
            exit('Invalid Login Credentials.');
    — answered August 21st 2013 by Latheesan Kanesamoorthy
The ownership of individual contributions to this community generated content is retained by the authors of their contributions.
All trademarks remain the property of the respective owner.