On this page:
make-digest-auth-header
request->digest-credentials
username*realm->password/ c
username*realm->digest-HA1/ c
password->digest-HA1
make-check-digest-credentials
Version: 4.1.5.3

4.8 Digest Authentication

 (require web-server/http/digest-auth)

An implementation of HTTP Digest Authentication.

(make-digest-auth-header realm    
  private-key    
  opaque)  header?
  realm : string?
  private-key : string?
  opaque : string?

Returns a header that instructs the Web browser to request a username and password from the client using Digest authentication with realm as the realm, private-key as the server’s contribution to the nonce, and opaque as the opaque data passed through the client.

(request->digest-credentials req)
  (or/c false/c (listof (cons/c symbol? string?)))
  req : request?

Returns the Digest credentials from req (if they appear) as an association list.

username*realm->password/c : contract?

Used to look up the password for a user is a realm.

Equivalent to (-> string? string? string?).

username*realm->digest-HA1/c : contract?

Used to compute the user’s secret hash.

Equivalent to (-> string? string? bytes?).

(password->digest-HA1 lookup-password)
  username*realm->digest-HA1/c
  lookup-password : username*realm->password/c

Uses lookup-password to find the password, then computes the secret hash of it.

(make-check-digest-credentials lookup-HA1)
  (string? (listof (cons/c symbol? string?)) . -> . boolean?)
  lookup-HA1 : username*realm->digest-HA1/c

Constructs a function that checks whether particular Digest credentials (the second argument of the returned function) are correct given the HTTP method provided as the first argument and the secret hash computed by lookup-HA1.

This is will result in an exception if the Digest credentials are missing portions.

Example:

  #lang web-server/insta
  (require scheme/pretty)
  
  (define private-key "private-key")
  (define opaque "opaque")
  
  (define (start req)
    (match (request->digest-credentials req)
      [#f
       (make-response/basic
        401 #"Unauthorized" (current-seconds) TEXT/HTML-MIME-TYPE
        (list (make-digest-auth-header
               (format "Digest Auth Test: ~a" (gensym))
               private-key opaque)))]
      [alist
       (define check
         (make-check-digest-credentials
          (password->digest-HA1 (lambda (username realm) "pass"))))
       (define pass?
         (check "GET" alist))
       `(html (head (title "Digest Auth Test"))
              (body
               (h1 ,(if pass? "Pass!" "No Pass!"))
               (pre ,(pretty-format alist))))]))