Support Digest Authentication in requests

Mastercard / terraform-provider-restapi

A terraform provider to manage objects in a RESTful API

Other

815 stars 218 forks source link

Support Digest Authentication in requests #99

Open Catherine-PL opened 4 years ago

Catherine-PL commented 4 years ago

Hello, I'd like to use this provider as a configuration tool for Datadog integration in Mongo Atlas project. The Atlas' REST API requires Digest Authentication.

It would be useful to be able to provide private and public keys to the terraform-provider-restapi (in the same manner as to e.g. curl command), without needing to hash the data by hand with every request in order to be able to put the hashed info into "Authentication" header using "headers" parameter in this provider.

This feature would make usage of this provider with APIs that require Digest Authentication much easier for developers.

DRuggeri commented 4 years ago

Thanks, @Catherine-PL . This seems like a cool idea, but is this an API-specific kind of thing, or is this a common type of authentication for several APIs? I have to confess, I've never seen this authentication scheme before.

Do you have some docs you can point to?

lukasz-marek commented 3 years ago

Hi @DRuggeri !

I work together with @Catherine-PL. For an example of API that utilizes http digest auth, please take a look at https://docs.atlas.mongodb.com/api#authentication. For a more general overview, Wikipedia has an article about it.

I hope this helps.

bluemalkin commented 3 years ago

I would also like to see this implemented.

Another common API which requires digest is mongodb atlas. Please see https://docs.atlas.mongodb.com/api/#authentication

DRuggeri commented 3 years ago

Thanks, all - I didn't realize that we were talking about regular old HTTP digest authentication as specified in RFC 2617. I'm totally on board - that makes sense. Given that username and password are already settable in the provider, perhaps a new boolean flag in the provider called digest or digest_auth could trigger use of digest auth.

It gets complicated, though. Unfortunately there's no native go HTTP client support for digest auth and there are only a few libraries out there that implement it (and they seem incompatible with how the restapi_client works). I see some folks have implemented raw go to handle it like mvndaai on StackExchange - I think it'll need to be built this way.

It doesn't look too hard to do, so I'll take a look at it when I can - but of course welcome pull requests implementing it :-)

sonlir commented 2 years ago

Any updates here?

ricardoleal commented 1 year ago

I've used this client in order to make it work for an internal provider. But as i can see now, the author has archived this repo. I'm no Go dev, but this code may help.