Is it possible to use Digest Auth in HTTP module?
- If yes: how?
- If not: what you suggest?
Is it possible to use Digest Auth in HTTP module?
Hi @ITSM_Costalis ,
Welcome to the make community!
I’ve looked into Digest Authentication, and it does look like it should be possible with Make, but I’ve not personally tried it.
You’d need two HTTP modules. The first module would ping your URL. The server should then return the nonce that you can hash in the second HTTP module. The first HTTP module will return 401 error, so you’ll need an error handler to direct the flow to your second module.
Something like this:
How familiar are you with Make and Digest Authentication? Would you like more detail, or is that enough to get you started?
@Terry_Hopper could you share a blueprint of an example? I could never get the digest authentication to work.
Hi @Zbulo ,
I don’t have an example to share yet. The screenshot above was a mock up of how the two modules would interact.
Do you have an example of a (free!) service that uses Digest authentication that I could set up a connection to? I could then get it set up and share the blueprint.
Thanks for the offer @Terry_Hopper. Unfortunately, I don’t have a service at hand. In my case, I’m trying to connect to the API of a device. Perhaps @ITSM_Costalis had one at hand?
Hi @Terry_Hopper,
Thanks so much for your input here!
When I make a --digest auth call, I end up with a nonce (and an “opaque”) value in the collection of output headers that I can access in the following step - no error handler needed:
Digest realm="bsns-admin"
qop="auth,auth-int"
nonce="6f6dfb807bc5d7e84d2b"
opaque="934a0ef735ce666370ede"
I’ve seen another proposed solution, but there is just a picture of the scenario flow - no details on the config: Digest Auth for my Clock PMS custom app - #4 by andrtvrd
What do I do with the nonce to achieve digest authorization?
My understanding is that I need to hash per MD5, but not sure what all to stick in there or how to invoke the results in a subsequent HTTP call
Thanks!
for reference: What is digest authentication? - Stack Overflow
Hi @mixelpix,
The Wikipedia page on this is very good:
So in Make, you’ll need to (1) extract “realm”, “nonce”, and “opaque” from that header, (2) calculate the “response” value (which is the MD5 hash(s) including your username and password), and then (3) build up the “Authorization” header in your second HTTP module.
I’ve seen another proposed solution, but there is just a picture of the scenario flow - no details on the config: Digest Auth for my Clock PMS custom app - #4 by andrtvrd
The Text Parsers in this example where presumably to read the values from the returned header, before calculating the response.
You’ll need to add a custom header to you HTTP Module to pass the results back to the server. Like this:
Because the “qop” (Quality of Protection) from your server includes “auth”, you’ll calculate your response using this format:
So your setup in Make, may look more like this:
Hopefully this gives you a head start. Do come back to the community if you run into any problems!
Thanks so much, @Terry_Hopper !
I hafta put this effort on hold for right now, but will return here with a solution.
In these kinds of situations, I usually use curl in the command line rather than Postman. Adding a -v
flag to the curl command, I see how I am ending up with:
< ...
< HTTP/2 401
< date: Sat, 28 Oct 2023 17:09:07 GMT
< content-type: text/html; charset=UTF-8
< server: nginx
< www-authenticate: Digest realm="prisma-admin", qop="auth,auth-int", nonce="b01cac22070514b34126a0ba4833a52c", opaque="709b3d2eed0439ed29788de47a205f1c"
< x-frame-options: sameorigin
< x-frame-options: sameorigin
<
* Connection #0 to host api.getalma.com left intact
…so onwards I’ll be parsing out the values I need from the www-authenticate
key
@Terry_Hopper I’m trying to implement this but getting a “wrong password” error back from the server. Any ideas for how to debug this?
I’m assuming the cnonce is something I can generate at random - is this correct?
My realm has a space in it - is that likely to be an issue?
Thanks!
Hi @ttt ,
Firstly, yes, the cnonce can be something you generate at random. You only need the cnonce and nonce-count if the server has specified a qop in their response. In the examples above, that looked like qop="auth,auth-int"
.
So the exact setup will depend on the server you’re connecting to. Do you have a link to any documentation for the server?
Also, please do include screenshots of the error messages you’re seeing and screenshots of how you’ve configured the scenario modules in Make for us to help you debug.
Hi @Terry_Hopper - thanks for pointing me in the right direction - managed to get it working. The issue was that I was extracting the nonce=" along with the actual nonce value and hashing this.
Happy to provide a blueprint if it’s of use to anyone.
Hi @ttt,
That’s awesome. Good job.
Yes, a blueprint would be really useful for the community to refer back to. Thank you.
Hello @ttt
Hust wanted to step in and pat you on the back for the great job you and @Terry_Hopper did while figuring out your struggle.
FYI. I marked your comment as a solution to keep our community organized and neat.
Keep up the great job!
Thanks - is there a preferred format for adding a blueprint here? Do I just paste the json?
Hi @ttt,
It’s best to upload the blueprint file in this forum; then other members can download it and import it without using a text editor. Use the button in the toolbar that looks like this:
Hi @ttt : )
Can you provide the blueprint here? I am struggling to get all the needed details added to Make.com for the Authentication (I can’t believe this is a native function :S).
Thank you so much for your time and effort!
Michael
Here you go. No need for the first module to be basic auth - plain http is fine.
Also you can probably streamline this to use less ops but it proves the concept.
Hope this helps.
blueprint digest.json (33.2 KB)
Thank you so much @ttt ! Thanks for providing the blueprint and taking the time for me and the community as well :)!
Have a great week ahead