Skip to content

feat: support "auth-int" quality-of-protection when using DigestAuth #3727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dsillman2000 wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat: support "auth-int" quality-of-protection when using DigestAuth #3727

dsillman2000 wants to merge 4 commits into from
+179 −14

Conversation

@dsillman2000
Copy link

@dsillman2000 dsillman2000 commented Dec 14, 2025
edited
Loading

Summary

Adding support for "auth-int" (message integrity authentication) quality-of-protection implementation, as specified in RFC-7616.. Additionally, updates unit tests to reflect support for the "auth-int" QoP.

Note on "example" scenario from RFC-7616

I had to change the expected response hashes from the official ones stated in the RFC-7616 Section 3.9.1 example since they don't provide an example where the client chooses to use "auth-int" QoP.

That being said, I was able to check the correctness of my implementation against httpbin using the /digest-auth/auth-int/Mufasa/CircleofLife/[MD5|SHA-256] endpoints to verify that a proper 200 status code is returned, meaning the httpbin server implementation of "auth-int" authentication agrees with the implementation added to this feature branch. Httpbin appears to support "http" requests to this endpoint, but doesn't properly support "https" requests (unexpected EoF encountered).

Integration test with HTTPBin 

from httpx import Client, DigestAuth, Request

if __name__ == "__main__":
    auth = DigestAuth(username="Mufasa", password="CircleofLife")
    # Note that I'm using locally-hosted HTTPBin over Docker since the official website is down today, Dec 14 2025.
    request = Request(
        "GET",
        # "http://httpbin.org/digest-auth/auth-int/Mufasa/CircleofLife/MD5",
        # "http://httpbin.org/digest-auth/auth-int/Mufasa/CircleofLife/SHA-256",
        # "http://0.0.0.0:80/digest-auth/auth-int/Mufasa/CircleofLife/MD5",
        "http://0.0.0.0:80/digest-auth/auth-int/Mufasa/CircleofLife/SHA-256",
    )

    with Client(auth=auth) as client:
        response = client.send(request)
        print(response.headers.raw)
        print(response.content)
        print(response.status_code) # We get a HTTP code 200 "OK"

Checklist

  • I understand that this PR may be closed in case there was no previous discussion. (This doesn't apply to typos!)
  • I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • I've updated the documentation accordingly.

GH Actions test failures

GH Actions seem to be failing non-deterministically for the test_proxies.py module (no changes from this PR), particularly due to timeouts when talking to example.com. I encourage a project maintainer to try re-running the checks for this PR during their review to demonstrate the non-deterministic behavior (take note of which python versions fail each time, if any).

Is there a default timeout being used for the tests which we can make more permissive?

@dsillman2000 dsillman2000 changed the title feat: support "auth-int" quality-of-protection in HTTP digest requests feat: support "auth-int" quality-of-protection when using DigestAuth Dec 15, 2025
@dsillman2000
fix: Restore original "auth" DigestAuth test cases with corrections to
560ada0 
match RFC-7616 example more closely, adding dedicated unit tests for
"auth-int" scenarios
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dsillman2000