jazzdotdev-packages/keys

Digest access authentication: 401 response messages with WWW-Authenticate


if
  request not signed
  and method not GET OR POST
  and path is /profile/new

  then
    header {
      status=401
      www-authenticate= Signature algorithm=ed25519,headers="(request-target) host date digest content-length",signature
    }
end

The request needs to add an Authorization header:

Signature keyId=[profile-uuid],algorithm="ed25519",
headers="(request-target) host date digest content-length",
signature="Base64(ed25519(signing string))"

https://tools.ietf.org/html/draft-cavage-http-signatures-10#section-3.1.1
https://tools.ietf.org/html/rfc2617#section-3.2.1
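
The check described in the issue, as an added Python example that is not part of the original post or the project's code: it answers 401 with the WWW-Authenticate challenge unless the Authorization header carries a signature over the listed headers and the Digest header matches the body. The `verify` callback standing in for the Ed25519 check, the function names and the quoted parameter syntax are assumptions.

```python
import base64
import hashlib
import re

# Header list and algorithm taken from the issue's WWW-Authenticate value.
REQUIRED = ["(request-target)", "host", "date", "digest", "content-length"]
CHALLENGE = 'Signature algorithm="ed25519",headers="%s"' % " ".join(REQUIRED)
PARAM_RE = re.compile(r'(\w+)="([^"]*)"')  # assumes quoted parameter values


def signing_string(method, path, headers, covered):
    """Build the signing string from lower-cased headers, in `covered` order."""
    lines = []
    for name in covered:
        if name == "(request-target)":
            lines.append("(request-target): %s %s" % (method.lower(), path))
        else:
            lines.append("%s: %s" % (name, headers[name].strip()))  # KeyError if absent
    return "\n".join(lines).encode()


def check_request(method, path, headers, body, verify):
    """Return (status, response_headers). `verify(key_id, message, sig)` is a
    caller-supplied Ed25519 check (hypothetical hook, not a project API)."""
    headers = {k.lower(): v for k, v in headers.items()}
    deny = (401, {"WWW-Authenticate": CHALLENGE})
    scheme, _, rest = headers.get("authorization", "").partition(" ")
    if scheme != "Signature":
        return deny
    params = dict(PARAM_RE.findall(rest))
    covered = params.get("headers", "").split()
    if params.get("algorithm") != "ed25519" or not set(REQUIRED) <= set(covered):
        return deny
    # A signed Digest header only protects the body if it matches the body.
    want = "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()
    if headers.get("digest") != want or headers.get("content-length") != str(len(body)):
        return deny
    try:
        message = signing_string(method, path, headers, covered)
        sig = base64.b64decode(params.get("signature", ""), validate=True)
    except (KeyError, ValueError):
        return deny
    return (200, {}) if verify(params.get("keyId"), message, sig) else deny
```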