Digest Authentication Header Generator

0.4.0 · active · verified Wed Apr 22

Indigestion is a focused Node.js library designed to generate HTTP Digest Authentication strings. It specifically takes the `WWW-Authenticate` header from a 401 response and provides the `Authorization` header content. The current stable version is v0.4.0, with releases appearing to be on-demand for maintenance or minor feature additions rather than a strict schedule, as indicated by the most recent release in February 2026. This library differentiates itself from other digest authentication solutions (like `axios-digest` or `node-digest-auth-client`) by offering only the header generation functionality, allowing developers full control over the HTTP request client and lifecycle. It aims to fill a niche where only the calculated `Digest` header string is needed, without the library dictating how the actual HTTP request is made.

Common errors

```
Error: Missing entityBody for qop='auth-int'
```
cause Attempting to generate a Digest header for a `qop=auth-int` challenge without providing the `entityBody` parameter.

fix Provide the `entityBody` (the actual request body content) as a string to the `generateDigestAuth` function when `qop` is `auth-int`.
```
TypeError: indigestion.generateDigestAuth is not a function
```
cause Incorrect import statement or attempting to call `indigestion` as a function or directly accessing properties on `indigestion` when a default export is not an object or named exports are expected differently.

fix For modern ESM and TypeScript, use `import { generateDigestAuth } from 'indigestion';`. If using CommonJS, use `const { generateDigestAuth } = require('indigestion');`.

Warnings

gotcha When `qop` (Quality of Protection) is set to `auth-int` in the `WWW-Authenticate` header, the `entityBody` parameter is no longer optional for `generateDigestAuth`. Failing to provide it will result in an incorrect digest string.
Fix: Ensure `entityBody` is passed to `generateDigestAuth` when `qop='auth-int'`. The value should be the actual request body content.
gotcha The `nc` (nonce count) parameter, if provided, is expected to be a hexadecimal string. When `generateDigestAuth` is called with an `nc`, the returned header's `nc` value will be incremented by 1 (in hexadecimal) to reflect the next expected nonce count for subsequent requests.
Fix: Be aware of the `nc` incrementing behavior if you manage nonce counts manually. Use `findNonceCount` to extract the `nc` from a previous response if needed for sequential calls.
gotcha The library requires Node.js version 12.0.0 or higher. Running in older Node.js environments may lead to unexpected errors or crashes due to unsupported syntax or APIs.
Fix: Upgrade your Node.js runtime environment to version 12.0.0 or newer. Consider using a Node Version Manager (NVM) for easy switching.

Install

npm install indigestion npm
yarn add indigestion yarn
pnpm add indigestion pnpm

Imports

generateDigestAuth
wrong:
```
import indigestion = require('indigestion'); const digest = indigestion.generateDigestAuth(...);
```
correct:
```
import { generateDigestAuth } from 'indigestion';
```
While the README shows `import indigestion = require("indigestion");`, which is a TypeScript CJS-style import, modern TypeScript and ESM usage prefers named imports. The package ships TypeScript types and supports both.
findNonceCount
wrong:
```
const findNonceCount = require('indigestion').findNonceCount;
```
correct:
```
import { findNonceCount } from 'indigestion';
```
Utility function for parsing the nonce count from an existing Digest header. Follows standard named import patterns.

Quickstart

This quickstart demonstrates a typical Digest Authentication flow using `axios` and `indigestion`. It first attempts a request, catches a 401 response, extracts the `WWW-Authenticate` header, generates the `Authorization` header using `generateDigestAuth`, and then retries the request with the generated header.

import axios from "axios";
import { generateDigestAuth } from 'indigestion';

async function makeDigestAuthenticatedRequest() {
  const username = process.env.DIGEST_USERNAME ?? 'testuser';
  const password = process.env.DIGEST_PASSWORD ?? 'testpass';
  const targetUrl = 'http://www.example.com/protected/resource'; // Replace with your target URL
  const method = 'GET';

  try {
    // First attempt: Expect a 401 Unauthorized response
    await axios.get(targetUrl);
  } catch (error: any) {
    if (error.response && error.response.status === 401) {
      const authenticateHeader = error.response.headers['www-authenticate'];
      if (!authenticateHeader) {
        throw new Error('WWW-Authenticate header not found in 401 response.');
      }

      // Generate the Digest Authorization header
      const authorizationHeader = generateDigestAuth({
        authenticateHeader,
        username,
        password,
        uri: new URL(targetUrl).pathname,
        method
      });

      // Retry the request with the generated Authorization header
      const result = await axios.get(targetUrl, {
        headers: {
          Authorization: authorizationHeader
        }
      });
      console.log('Successfully made authenticated request:', result.data);
      return result.data;
    } else {
      throw error; // Re-throw other errors
    }
  }
}

makeDigestAuthenticatedRequest().catch(console.error);

view raw JSON →