Class HTTPAuth::Digest::Challenge
In: lib/httpauth/digest.rb
Parent: AbstractHeader

The Challenge class handlers the WWW-Authenticate header. The WWW-Authenticate header is sent by a server when accessing a resource without credentials is prohibided. The header should always be sent together with a 401 status.

See the Digest module for examples

Methods

from_header   new   to_header  

Public Class methods

Parses the information from a WWW-Authenticate header and creates a new WWW-Authenticate instance with this data.

  • challenge: The contents of a WWW-Authenticate header

See initialize for valid options.

Create a new instance.

  • h: A Hash with directives, normally this is filled with directives coming from a Challenge instance.
  • options: Use to set of override data from the WWW-Authenticate header
    • :realm: The name of the realm the client should authenticate for. The RFC suggests to use a string like ‘admin@yourhost.domain.com’. Be sure to use a reasonably long string to avoid brute force attacks.
    • :qop: A list with supported qop values. For example: [‘auth-int’]. This will default to [‘auth’]. Although this implementation supports both auth and auth-int, most implementations don‘t. Some implementations get confused when they receive anything but ‘auth’. For maximum compatibility you should leave this setting alone.
    • :algorithm: The preferred algorithm for calculating the digest. For example: ‘MD5-sess‘. This will default to ‘MD5‘. For maximum compatibility you should leave this setting alone.

Public Instance methods

Encodes directives and returns a string that can be used as the WWW-Authenticate header

[Validate]