
Is it possible to use both of them?

Currently I have a REST API protected by Digest Auth. One of the developers is struggling to get their Android application working with Digest and suggested we could use Basic and/or Digest depending on the header sent.

Is there anything specific sent by Digest vs. Basic that I could use to drive a switch statement in my PHP code?

It does go against what I want, and I understand the difference in security; this is just a fallback for the worst-case scenario.

For example something like this:

```php
<?php
$headers = apache_request_headers();

if (isset($headers['Authorization'])) {
    // The scheme is the first token of the header and is case-insensitive,
    // so match it at position 0 instead of anywhere in the value.
    if (stripos($headers['Authorization'], 'Digest ') === 0) {
        // Use Digest Authentication Method
        echo "You are using Digest Auth";
    } elseif (stripos($headers['Authorization'], 'Basic ') === 0) {
        // Use Basic Authentication Method
        echo "You are using Basic Auth";
    }
}
```

This code works, but Digest does not appear to send Digest in the Authorization header by default; it's something that has to be passed across manually. This is in my experience when working with Postman and my GET Application communicating with my REST API.

Dave Hamilton
  • The authorization header will begin with the string Digest or Basic (and a few others), followed by white space then the parameters. That is what you need to check. – Salman A Sep 23 '21 at 12:31
  • Yes, you are correct. After digging around a bit more, I can see that by default the Digest method does not send Digest in the Authorization header on the initial call, so it would have to be manually specified for me to pick it up. A workaround at least. – Dave Hamilton Sep 23 '21 at 12:50
  • Apache will hide certain headers from scripts ([ref](https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers)). – Salman A Sep 23 '21 at 12:57

0 Answers
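The scheme check described in the comments, together with the 401 response that offers both schemes when the first request carries no Authorization header, as an added example that is not part of the original post. The function names, the realm `api` and the sample requests are assumptions made for illustration; because Basic sends the password merely base64-encoded, a server that offers it alongside Digest should only do so over TLS.

```php
<?php
// Apache may hide Authorization from PHP, so check the usual fallbacks.
function raw_authorization(array $server): ?string
{
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    if (isset($server['PHP_AUTH_DIGEST'])) {
        return 'Digest ' . $server['PHP_AUTH_DIGEST'];
    }
    if (isset($server['PHP_AUTH_USER'])) {
        $pair = $server['PHP_AUTH_USER'] . ':' . ($server['PHP_AUTH_PW'] ?? '');
        return 'Basic ' . base64_encode($pair);
    }
    return null;
}

// Split "<scheme> <parameters>"; the scheme name is case-insensitive.
function auth_scheme(?string $header): array
{
    if ($header === null || !preg_match('/^(\S+)\s+(.+)$/s', $header, $m)) {
        return ['none', ''];
    }
    $scheme = strtolower($m[1]);
    return in_array($scheme, ['basic', 'digest'], true) ? [$scheme, $m[2]] : ['none', ''];
}

// One WWW-Authenticate line per offered scheme, sent with the 401.
function challenges(string $realm, string $nonce): array
{
    return [
        "WWW-Authenticate: Digest realm=\"$realm\", qop=\"auth\", nonce=\"$nonce\"",
        "WWW-Authenticate: Basic realm=\"$realm\"",
    ];
}

$samples = [ // constructed $_SERVER-style inputs, not captured traffic
    [],
    ['HTTP_AUTHORIZATION' => 'basic ZGVtbzpkZW1v'],
    ['PHP_AUTH_DIGEST' => 'username="demo", realm="api", nonce="n1", uri="/", response="0"'],
];
foreach ($samples as $server) {
    [$scheme] = auth_scheme(raw_authorization($server));
    echo $scheme === 'none'
        ? "401\n" . implode("\n", challenges('api', bin2hex(random_bytes(16)))) . "\n"
        : "dispatch to $scheme handler\n";
}
```

In a web request, pass `$_SERVER` to `raw_authorization()` and emit each challenge with `header($line, false, 401)` so the second line does not replace the first.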