@aaqu/node-red-digest-auth 0.2.0

Node-RED nodes for HTTP Digest Authentication (RFC 7616)

npm install @aaqu/node-red-digest-auth

@aaqu/node-red-digest-auth

Node-RED nodes for HTTP Digest Authentication (RFC 7616).

Installation

npm install @aaqu/node-red-digest-auth

Or install via the Node-RED Palette Manager.

Development

cd ~/.node-red
npm install /path/to/node-red-digest-auth

Nodes

digest-auth

Middleware node that processes 401 responses and generates Digest Authorization headers.

Inputs:

  • msg.statusCode - Should be 401
  • msg.headers['www-authenticate'] - Digest challenge from server (response headers)
  • msg.url - Request URL
  • msg.method - HTTP method (optional, default: GET)
  • msg.authHeaders - Custom request headers to preserve (optional)
  • msg.payload - Request body for POST/PUT (optional)

Outputs:

  • msg.url - Original request URL
  • msg.method - HTTP method
  • msg.headers - Object with authHeaders + Authorization header
  • msg.payload - Preserved from input (if present)

digest-auth-credentials

Configuration node for storing username and password securely.

Supported Algorithms

Algorithm Status
SHA-256 Recommended
SHA-256-sess Supported
SHA-512-256 Supported
SHA-512-256-sess Supported
MD5 Legacy (not recommended)
MD5-sess Legacy

Example Flow

[inject] → [http request] → [switch: 401?] → [digest-auth] → [http request] → [debug]
                                  ↓
                            [debug] (other status)
  1. Inject - Triggers the request with URL
  2. HTTP Request - Sends initial unauthenticated request
  3. Switch - Checks if response is 401
  4. digest-auth - Generates Authorization header from WWW-Authenticate
  5. HTTP Request - Retries with authentication
  6. Debug - Shows the result

Import Example

Go to Menu → Import → Examples → @aaqu/node-red-digest-auth to import a ready-to-use example flow.

Configuration

digest-auth node

Property Description
Credentials Reference to digest-auth-credentials config node
Algorithm Preferred algorithm (SHA-256 recommended)
QoP Quality of Protection: auth or auth-int

digest-auth-credentials node

Property Description
Name Optional display name
Username Authentication username
Password Authentication password (stored securely)

Using Custom Headers

To send custom headers (like Content-Type, X-API-Key, etc.) with your authenticated request:

  1. Set msg.authHeaders in your inject or function node:

    msg.authHeaders = {
    "Content-Type": "application/json",
    "X-Custom-Header": "value"
};

  2. Configure your first HTTP Request node to use msg.authHeaders for outgoing headers

  3. After digest-auth processes the 401 response, msg.headers will contain:

    • All headers from msg.authHeaders
    • The generated Authorization header

  4. The second HTTP Request node uses msg.headers by default

API

lib/crypto.js

const { calculateDigestResponse, generateCnonce } = require('@aaqu/node-red-digest-auth/lib/crypto');

const response = calculateDigestResponse({
    algorithm: 'SHA-256',
    username: 'user',
    realm: 'example.org',
    password: 'secret',
    method: 'GET',
    uri: '/path',
    nonce: 'server-nonce',
    nc: '00000001',
    cnonce: generateCnonce(),
    qop: 'auth'
});

lib/parser.js

const { parseWWWAuthenticate } = require('@aaqu/node-red-digest-auth/lib/parser');

const challenge = parseWWWAuthenticate('Digest realm="test", nonce="abc123", qop="auth"');
// { realm: 'test', nonce: 'abc123', qop: ['auth'], algorithm: 'MD5' }

lib/formatter.js

const { formatAuthorizationHeader } = require('@aaqu/node-red-digest-auth/lib/formatter');

const header = formatAuthorizationHeader({
    username: 'user',
    realm: 'example.org',
    nonce: 'server-nonce',
    uri: '/path',
    algorithm: 'SHA-256',
    nc: '00000001',
    cnonce: 'client-nonce',
    qop: 'auth',
    response: 'calculated-hash'
});
// 'Digest username="user", realm="example.org", ...'

Security Notes

  • Use SHA-256 - MD5 is deprecated and should only be used for legacy systems
  • Always use TLS - Digest Auth does not protect against MITM attacks
  • Credentials are stored securely - Not exported with flows

References

Changelog

0.2.0 (2026-01-29)

  • Breaking: Clean output from digest-auth node - returns only url, method, headers, and payload
  • Added msg.authHeaders support for custom headers preservation
  • Custom headers from msg.authHeaders are merged with Authorization in output msg.headers
  • Removed msg.digestAuth debug object from output
  • Updated documentation and example flow

0.1.3

  • Fixed npm publish warnings (repository URL, added bugs and homepage fields)
  • Renamed example file to lowercase (basic-digest-auth.json)

0.1.2

  • Fixed GitHub publish workflow

0.1.1

  • Testing GitHub Actions
  • Updated package.json with git repository URL
  • Fixed typos

0.1.0

  • Initial release

License

MIT

Node Info

Version: 0.2.0
Updated 18 hours ago
License: MIT
Rating: not yet rated
View on npm
View on GitHub
View Scorecard 12

Categories

Actions

Rate:

Downloads

143 in the last week

Nodes

  • digest-auth-credentials
  • digest-auth

Keywords

  • aaqu
  • aaqu-portal
  • node-red
  • digest
  • authentication
  • http
  • auth
  • rfc7616

Maintainers