Javascript implementation of RFC 7616 HTTP Digest Authentication with support for MD5, SHA-256, SHA-512-256, session variant, username hashing, stale nonce handler and more.
Adapted from inorganik/digest-auth-request.
Forge library from digitalbazaar/forge is required.
let url = "./api/get";
let getData = "message=hello!&foo=bar";
let req = new digestAuthRequest('GET', url + "?" + getData, "username", "password");
req.request(function(resp){
console.log(resp);
},function(errorCode){
console.log("Error " + errorCode);
});let url = "./api/post";
let postData = {message:'Hello', foo:'bar'};
let req = new digestAuthRequest('POST', url);
req.request(function(resp){
console.log(resp);
},function(errorCode){
console.log("Error " + errorCode);
},postData);let url = "./api/post";
let postData = "message=hello!&foo=bar";
let req = new digestAuthRequest('POST', url);
req.request(function(resp){
console.log(resp);
},function(errorCode){
console.log("Error " + errorCode);
},postData);let req = new digestAuthRequest();
req.clrLocalToken();After a successful authentication is performed, the digest parameter is saved in JS closures and used for subsequent requests until the page is refreshed or the parameter is cleared.
To avoid browser sign in prompt, set your back-end to send a different status code if
X-Requested-With: XMLHttpRequest is being detected for example code 403.