1.2. Digest Authentication

1.2.1. Introduction

Digest authentication is a method of HTTP authentication that improves upon Basic authentication by providing a way to authenticate without having to transmit the password in clear text across the network.

This adapter allows authentication against text files containing lines having the basic elements of digest authentication:

  • username, such as "joe.user"

  • realm, such as "Administrative Area"

  • MD5 hash of the string formed by the username, realm, and password, separated by colons

The above elements are separated by colons, as in the following example (in which the password is "somePassword"):

someUser:Some Realm:fde17b91c3a510ecbaf7dbd37f59d4f8
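
The following added example (not Zend Framework code, and not the adapter's own implementation) shows how a line in this format is built and how credentials can be checked against it. The function names makeDigestLine() and verifyDigest() are hypothetical, the sample entries are constructed, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
// Added example: illustrates the file format described above; not Zend Framework code.

/** Build one digest-file line: username:realm:MD5(username:realm:password). */
function makeDigestLine($username, $realm, $password)
{
    // A colon in the username or realm would make the line ambiguous to parse.
    if (strpbrk($username . $realm, ":\r\n") !== false) {
        throw new InvalidArgumentException('username and realm must not contain ":" or line breaks');
    }
    return $username . ':' . $realm . ':' . md5("$username:$realm:$password");
}

/** Check credentials against the lines of a digest file (hypothetical helper). */
function verifyDigest(array $lines, $username, $realm, $password)
{
    if (strpbrk($username . $realm, ":\r\n") !== false) {
        return false; // cannot correspond to any well-formed entry
    }
    $prefix    = "$username:$realm:";
    $candidate = md5("$username:$realm:$password");
    foreach ($lines as $line) {
        $line = rtrim($line, "\r\n");
        if (strncmp($line, $prefix, strlen($prefix)) !== 0) {
            continue; // different username or realm
        }
        // Constant-time comparison of the stored hash with the computed one.
        return hash_equals(strtolower(substr($line, strlen($prefix))), $candidate);
    }
    return false; // no entry for this username and realm
}

// Constructed sample file contents.
$lines = array(
    makeDigestLine('someUser', 'Some Realm', 'somePassword'),
    makeDigestLine('joe.user', 'Administrative Area', 'anotherPassword'),
);

var_dump(verifyDigest($lines, 'someUser', 'Some Realm', 'somePassword'));
var_dump(verifyDigest($lines, 'someUser', 'Some Realm', 'wrongPassword'));
var_dump(verifyDigest($lines, 'someUser', 'Administrative Area', 'somePassword'));
```

The stored value is the HA1 of HTTP digest authentication, which is sufficient on its own to answer a digest challenge for that realm, so the file needs the same access protection as a list of passwords.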

1.2.2. Adapter

The digest authentication adapter, Zend_Auth_Digest_Adapter, provides both staticAuthenticate() and authenticate() methods. The authenticate() method accepts username, realm, and password options, as the adapter object is bound to a particular digest authentication file. The staticAuthenticate() method, however, accepts an additional filename option so that any digest authentication file may be queried.

1.2.3. Token

The digest authentication token, Zend_Auth_Digest_Token, provides the identity as an array having keys of realm and username, and the associated values correspond with those provided in the authentication attempt:

$identity = $token->getIdentity();

print_r($identity);

/*
Array
(
    [realm] => Some Realm
    [username] => someUser
)
*/