Digest authentication in Android using HttpURLConnection

by

The answer is, that HttpUrlConnection does not support digest.

You therefore have to implement RFC2617 by yourself.

You can use the following code as a baseline implementation: HTTP Digest Auth for Android.

The steps involve (see RFC2617 for reference):

  • If you get a 401 response, iterate over all WWW-Authenticate headers and parse them:
    • Check if algorithm is MD5 or undefined, (optionally select the auth qop option), otherwise ignore the challenge and go to the next header.
    • Get the credentials using Authenticator.requestPasswordAuthentication.
    • Calculate H(A1) using the username, realm and password.
    • Store the canonical root URL, realm, HA1, username, nonce (+ optionally algorithm, opaque and the client selected qop option if present).
    • Retry the request.
  • On each request, iterate over all realms you have session information stored for by canonical root URL:
    • Calculate H(A2) using the request method and path.
    • Calculate H(A3) using HA1, nonce (+ optionally nc, cnonce, qop) and HA2.
    • Build and add the Authorization header to your HttpUrlConnection.
  • Implement some sort of session pruning.

By using Authenticator, you can make sure, that as soon as HttpUrlConnection supports digest natively, your code is not being used anymore (because you wont receive the 401 in the first place).

This is just a quick summary on how to implement it, for you to get an idea.

If you want to go further you would probably like to implement SHA256 as well: RFC7616

More Related Contents:

  1. org.apache.http.entity.FileEntity is deprecated in Android 6 (Marshmallow)
  2. Android download binary file problems
  3. Sending a JSON HTTP POST request from Android
  4. Getting java.net.SocketTimeoutException: Connection timed out in android
  5. java.io.IOException : No authentication challenges found
  6. HttpURLConnection.getResponseCode() returns -1 on second invocation
  7. Apache HttpClient Digest authentication
  8. URLConnection getContentLength() is returning a negative value
  9. IOException: “Received authentication challenge is null” (Apache Harmony/Android)
  10. How do I persist cookies when using HTTPUrlConnection?
  11. Android’s HttpURLConnection throws EOFException on HEAD requests
  12. Nothing is populated from ArrayList to ListView
  13. How can We set and get System propertiesi in Android Q
  14. How to draw the route between my current location and destination?
  15. Android ListView headers
  16. bitmap size exceeds Vm budget error android
  17. Android – SPAN_EXCLUSIVE_EXCLUSIVE spans cannot have a zero length
  18. Encryption of video files?
  19. Best way to compare dates in Android
  20. IntelliJ IDEA with Junit 4.7 “!!! JUnit version 3.8 or later expected:”
  21. Android project using httpclient –> http.client (apache), post/get method
  22. how to use okhttp to upload a file?
  23. InflateException: Binary XML file line #1: Error inflating class caused by OutOfMemoryError
  24. Openssl is not recognized as an internal or external command
  25. Online radio streaming app for Android
  26. Read error response body in Java
  27. LinearLayoutManager setReverseLayout() == true but items stack from bottom
  28. Android file uploader with server-side php
  29. How I can convert a bitmap into PDF format in android [closed]
  30. Prevent flipping of the front facing camera

Leave a Comment