Hi All I'm quite new to ktor and I'm just trying to replicate the following request (to a Shelly relay) that works correctly when I run it from JB IDE http tool GET http://x.x.x.x/rpc/Shelly.GetStatus Authorization: Digest user password Content-Type: application/json * added by the tool * Connection: Keep-Alive User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.7) Accept-Encoding: br,deflate,gzip,x-gzip For some reason when I try to "convert" it to ktor I keep getting 401 response error This is how I set the client: protected val httpClientV2 = HttpClient { install(HttpTimeout) { requestTimeoutMillis = requestTimeout.toLong(DurationUnit.MILLISECONDS) connectTimeoutMillis = 5000 } install(Logging) { logger = Logger.SIMPLE level = LogLevel.ALL } developmentMode = true } val response = httpClientV2.get("http://x.x.x.x/rpc/Shelly.GetStatus") { contentType(ContentType.Application.Json) header(HttpHeaders.Authorization, "Digest user password") } this is the logged request: HttpClient: REQUEST: http://x.x.x.x/rpc/Shelly.GetStatus METHOD: HttpMethod(value=GET) COMMON HEADERS -> Accept: application/json -> Accept-Charset: UTF-8 -> Authorization: Digest user password -> Content-Type: application/json CONTENT HEADERS -> Content-Length: 0 BODY Content-Type: null BODY START BODY END and the 401 response HttpClient: RESPONSE: 401 Unauthorized I've already tried adding the same headers but nothing changes I tried installing auth plugin too, but obviously it goes the digest way with back and forth requests :) I have no problem with Basic auth requests, so I guess I'm missing something here Any suggestion ? TY

How do you encode the Digest auth in the

Authorization

header?

I tried as plain text "user password" "user:password" but also base64

Normally it's

Authorization: Basic ${base64(username:password)}

. Sounds like you're missing the

Basic

prefix

The problem is that the Digest auth is encoded differently. You can use the

Auth

plugin but the credentials is sent only on receiving 401 from the server because

sendWithoutRequest

cannot be configured for this provider. You can file an issue if you need to configure

sendWithoutRequest

for the Digest auth provider.

@Aleksei Tirman [JB] Thank you for your reply. I'm just wondering, based on ktor logs, what's different from the JB HTTP Tool request ? It looks like ktor sent the Authorization header too (without Auth plugin) the same way it is sent by the HTTP Tool (plain text)

What request are you making via the JB HTTP Tool?

The first one in my message, this :

GET <http://x.x.x.x/rpc/Shelly.GetStatus>
Content-Type: application/json
Authorization: Digest user password

plain user and pwd, nothing else

if I make the following request via IDEA:

GET <http://httpbin.org/digest-auth/auth/user/pass>
Authorization: Digest user pass

then the

Authorization

header would be the following:

Authorization: Digest username="user", realm="<mailto:me@kennethreitz.com|me@kennethreitz.com>", nonce="c134fcb2326d86828e5ad41527df8c61", uri="/digest-auth/auth/user/pass", response="89d28530b5a4c9d773643d6fb47840d5", qop=auth, nc=00000001, cnonce="b8c1b9f4148dc4a2", algorithm=MD5, opaque="44c705a09470b57255d7f695e4ca5952"

Also, IDEA makes two requests the same way as Ktor.

Oh, I see. But how do you get the “raw” request data from IDEA ? If I check the request console, and click “show request” I get what is attached at the top of my original message, I don’t see the “digest parameters” (so the confusion) and I didn’t find a way to get a verbose log

I use WireShark for analyzing network traffic.

Thank you. I was so focused on logging that I forgot to go the obvious way 🙂 Anyway I see that both “IDEA” and Ktor have 2 pair of request/response (img attached) and checking the Authorization data I can’t see any difference (of course the values) except the fact that IDEA send quoted values eg. IDEA

username="admin",
nonce="64d35762",
cnonce="0cc6deb9c12a109f"

KTOR

username=admin,
nonce=64d3601c,
cnonce=f66ec33f97fde69f,

So I’m really puzzled, and I can’t understand what’s wrong

I think this type of authentication requires the information from the first response to send the second one.

Yep and in fact I’ve also manually verified that the “response” value is correctly formed based on digest rules. Both (idea and ktor) are correct, or at least it seems to be.