Are there any digest auth client filters anywhere?...
# http4k
a
Are there any digest auth client filters anywhere? I know there's an okhttp authenticator I can wrap into a filter, but it would be a pain.
d
Not afaik. We've never used one. feel free to PR one back to the core though! 🙃
a
If I end up having to write my own, I would be happy to.
👍 1
r
Looking at ktor's implementation looks like a pain in the a** to implement a full specifications support one, so I guess better use a specific filter for your need.
a
Think it's better to not have a filter at all if it doesn't implement the full spec?
d
Tbh, I think it might be quite simple to take the Ktor version and transpose it onto a Filter.
You can maybe just modify it to inject the algorithm implementation...
a
Both http4k and ktor are licensed under Apache 2.0; does that mean we can include the ktor version with only minor modifications?
d
We're not GPL so yep should be fine. We'll probably refactor it to.make it a bit more Http4k-y though if the style is different
a
Modifying https://github.com/rburgst/okhttp-digest into a filter worked fine for my own project, but I think the ktor version IS better. I think I'll take a stab at the ktor version this weekend. What kind of tests would be appropriate? I'd rather not make a full server filter just for testing; so maybe the test would send mock responses during the negotiation?
d
As with everything Http4k, testing should be pretty easy - just pass a function that returns the correct Response objects - no need for mocks. 😉
a
Almost done with the client and server filters. ktor wasn't actually fully compliant, and doesn't implement the
auth-int
QoP or the
MD5-sess
algorithm. Apparently those features don't actually have wide browser support, so it may be ok to just ignore them.