"Digest Auth" and PHP - LiveJournal Client Discussions

"Digest Auth" and PHP [Apr. 10th, 2005|12:41 pm]

Hi, everyone!

I'm trying to make our LJ-powered server accessible to WAP users. In short, I have created a specific S2 style that outputs WML, then it goes through a PHP script to set the content-type etc. There is something else that's going on, but the reason I'm posting here is that I have to authenticate my PHP script every time it accesses any page on the LJ server (../users/example/, ../users/example/friends/, ..). Only when it is authenticated can it use that particular S2 style.

The thing is, I don't know how to authenticate. LJ uses "Digest Auth", which is basically challenge / response. For an example you might go to http://www.livejournal.com/community/lj_clients/?auth=digest
If LJ used "clear" authentication, it would, of course, be easy to implement, but I don't know how to deal with "Digest Auth".
Can anybody help me?

And.. umm.. sorry if this is not the right community, but I thought you are dealing with authentication and have some ideas for me, too.


From: boggyb
2005-04-11 07:47 am (UTC)
RFC 2617 covers it in detail.

Simplifying it a bit, you basically get fed an algorithm to use (usually MD5), a nonce value (the challenge), an opaque value (like a session cookie), and qop (quality of protection) options. You then return that lot in the clear, plus which qop you selected and which URI you're after, along with a hash of all the data. You can also return your own cnonce, which helps to protect against some kinds of attack.

Never programmed it myself, but I'm sure there'll be a PHP library for it.
From: fxool
2005-04-11 12:48 pm (UTC)
That's the main problem, that I can't find any PHP library for this.
But thanks anyway. I'm trying to do it by myself.
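The challenge/response exchange discussed in this thread, as an added PHP example that is not part of the original posts and is not LiveJournal's code: it parses a `WWW-Authenticate: Digest` challenge and builds the matching `Authorization` value per RFC 2617 (MD5, with `qop=auth` or no qop). The function names are hypothetical, and the sample challenge and credentials are the illustrative ones from RFC 2617 section 3.5, not values from any LiveJournal server.

```php
<?php
// Split a "WWW-Authenticate: Digest ..." value into lowercase key => value pairs.
function parse_digest_challenge(string $header): array
{
    $params = [];
    $body = preg_replace('/^\s*Digest\s+/i', '', $header);
    // Each parameter is key="quoted value" or key=token.
    preg_match_all('/(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/', $body, $m, PREG_SET_ORDER);
    foreach ($m as $p) {
        $params[strtolower($p[1])] = ($p[2] !== '') ? $p[2] : ($p[3] ?? '');
    }
    return $params;
}

// Build the Authorization header value answering challenge $c (hypothetical helper).
function build_digest_authorization(array $c, string $user, string $pass,
    string $method, string $uri, string $cnonce, int $nc = 1): string
{
    if (!isset($c['realm'], $c['nonce'])) {
        throw new InvalidArgumentException('challenge lacks realm or nonce');
    }
    if (strcasecmp($c['algorithm'] ?? 'MD5', 'MD5') !== 0) {
        throw new RuntimeException('only algorithm=MD5 is handled here');
    }
    $ha1 = md5("$user:{$c['realm']}:$pass");   // H(A1): the password itself is never sent
    $ha2 = md5("$method:$uri");                // H(A2): binds the response to this request
    $out = "Digest username=\"$user\", realm=\"{$c['realm']}\", nonce=\"{$c['nonce']}\", uri=\"$uri\"";
    $qops = array_map('trim', explode(',', $c['qop'] ?? ''));
    if (in_array('auth', $qops, true)) {
        $ncHex = sprintf('%08x', $nc);         // request counter for this nonce, 8 hex digits
        $response = md5("$ha1:{$c['nonce']}:$ncHex:$cnonce:auth:$ha2");
        $out .= ", qop=auth, nc=$ncHex, cnonce=\"$cnonce\"";
    } elseif (!isset($c['qop'])) {
        $response = md5("$ha1:{$c['nonce']}:$ha2");   // challenge without qop (older form)
    } else {
        throw new RuntimeException('server offers no qop this example handles');
    }
    $out .= ", response=\"$response\", algorithm=MD5";
    $out .= isset($c['opaque']) ? ", opaque=\"{$c['opaque']}\"" : '';   // returned unchanged
    return $out;
}

// Constructed input: sample challenge and credentials from RFC 2617 section 3.5.
// In real use, generate a fresh cnonce per challenge, e.g. bin2hex(random_bytes(8)).
$challenge = 'Digest realm="testrealm@host.com", qop="auth,auth-int", '
    . 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
$c = parse_digest_challenge($challenge);
echo build_digest_authorization($c, 'Mufasa', 'Circle Of Life', 'GET', '/dir/index.html', '0a4f113b'), "\n";
```

The script would first request the page without credentials, read the challenge from the 401 reply, and then repeat the request with this header, incrementing `$nc` each time the same nonce is reused.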