Hi Kshitij,
So you were far on your way. I made a testcase tonight against the postman-echo service available for test purposes to test rest calls of which digest auth is one.(See informative urls below)
So I build a microflow(see modelshare below) which basically does the first request to the postman-echo service acquiring the authentication details. I then get the header "WWW-Authenticate" from the 401 result which consists in my case out of the following string:
"Digest realm="Users", nonce="Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9", qop="auth"".
After extracting necesairly values i then go calculating the hashes. I created a java action for this with the following line of code:
return org.apache.commons.codec.digest.DigestUtils.md5Hex(stringToMd5);
After i've implemented this I can start with the first part, username in this case is "postman" and pass is "password". You can find the information for this call in the Url's below.
HA1= md5(user:realm:password)
= md5(postman:Users:password)
= d38e52b6bfcc38db1b146835e4e78d4a
then i go calculate the 2nd hash
HA2= md5(method:uri)
= md5(GET:/digest-auth)
= d44208d61728db39ce092dd4d9a3e278
Then as last i calculate the final response value to return with the authentication string:
Response= md5(ha1:nonce:ha2) = md5(d38e52b6bfcc38db1b146835e4e78d4a:Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9:d44208d61728db39ce092dd4d9a3e278)
= 2113c6a0a925b5a101ab2d85e05b7031
Now we're ready to setup the authtentication string. In this case that would be:
Digest username="postman", realm="Users", nonce="Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9", uri="/digest-auth", response="2113c6a0a925b5a101ab2d85e05b7031", opaque=""
And voila:
I hope this helps you on the way.
Regards,
Modelshare:
https://modelshare.mendix.com/models/dd0fc532-cf91-4f90-a491-dcf7ae943a15/digest-call
Urls:
https://docs.postman-echo.com/#70ed7920-ead1-2d20-645a-c716ab0fd137
https://docs.postman-echo.com/#a4c04e32-72cf-0475-07dc-89c23f85cf0c
Hi Kshitij,
Could the solution suggested by Faried in the following topic help you?
https://forum.mendix.com/link/questions/17212
He basically suggest combining username and pass in a md5 hashed string and add this combination to the header for authentication.
Regards