HTTP Digest authentication

HTTP Digest is a mechanism that improves on the Basic authentication process in the HTTP protocol. Instead of sending the password itself, the client sends a hash computed over the user name, password, realm and a server-supplied challenge value. MD5 is the algorithm traditionally used to hash (not encrypt) this information; the newer variants of the scheme defined in RFC 7616 also allow SHA-256 and SHA-512/256, which improves security.

Digest access authentication extends Basic access authentication by applying a one-way cryptographic hash function (MD5 by default) to the authentication information, and by adding a unique per-connection value, the nonce, that the server generates and sends in its 401 challenge.

The client browser uses this nonce when calculating the hashed password response. Although the password itself never crosses the wire (only a hash that binds it to the realm, the nonce, the HTTP method and the requested URI does), and the nonce mitigates replay attacks provided the server tracks which nonces and nonce counts it has already accepted, the login name is still sent as plain text, and a captured exchange can still be attacked offline with a dictionary if the password is weak. Digest therefore protects the password on the wire but is no substitute for TLS.
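To make the computation just described concrete, the following is an added example written for this section (it is not code from the book): it builds the client's Digest response for qop="auth" exactly as RFC 2617/7616 define it, parses the resulting Authorization header the way a server would, recomputes the response from the stored password, and rejects a verbatim replay of the same nonce/nc pair. The user name, realm, nonce, cnonce and URI are the worked example from RFC 2617 section 3.5; the credential store is a constructed dictionary, and the function names are this example's own.

```python
#!/usr/bin/env python3
"""Digest authentication by hand (added example, not the book's code).

Computes the client 'response' for qop="auth" as RFC 2617/7616 define it
and verifies it server-side from the stored password. The challenge values
below are the worked example from RFC 2617 section 3.5; the credential
store is constructed for illustration.
"""
import hashlib
import hmac
import re

# Hash functions selectable via the "algorithm" parameter (RFC 7616 adds SHA-256).
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def _h(algorithm, text):
    """Hex digest of text with the negotiated algorithm (a hash, not encryption)."""
    return ALGORITHMS[algorithm](text.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, method, uri, nonce, nc, cnonce,
                    algorithm="MD5", qop="auth"):
    """response = H( H(user:realm:pass) : nonce : nc : cnonce : qop : H(method:uri) )."""
    ha1 = _h(algorithm, f"{username}:{realm}:{password}")   # the password only enters here
    ha2 = _h(algorithm, f"{method}:{uri}")
    return _h(algorithm, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def build_authorization(username, password, realm, method, uri, nonce, cnonce,
                        nc="00000001", algorithm="MD5", qop="auth"):
    """Client side: the Authorization header sent after the 401 challenge."""
    response = digest_response(username, password, realm, method, uri,
                               nonce, nc, cnonce, algorithm, qop)
    # username, realm, nonce and uri travel in the clear; only 'response' is hashed.
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", algorithm={algorithm}, qop={qop}, nc={nc}, '
            f'cnonce="{cnonce}", response="{response}"')


def parse_authorization(header):
    """Split 'Digest k="v", k=v, ...' into a dict with the quotes stripped."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest Authorization header")
    return {k: v.strip('"')
            for k, v in re.findall(r'(\w+)=("[^"]*"|[^,]+)', params)}


def verify_authorization(header, method, realm, password_lookup, seen):
    """Server side: recompute the response from the stored password.

    password_lookup(username) returns the stored password or None. 'seen' is
    the set of (nonce, nc) pairs already accepted, so a captured header that
    is replayed verbatim is rejected even though its response value is valid.
    """
    f = parse_authorization(header)
    if f.get("realm") != realm or f.get("qop") != "auth":
        return False
    if f.get("algorithm", "MD5") not in ALGORITHMS:
        return False
    key = (f["nonce"], f["nc"])
    if key in seen:
        return False                                  # replayed nonce count
    password = password_lookup(f["username"])         # username is readable here
    if password is None:
        return False
    expected = digest_response(f["username"], password, realm, method, f["uri"],
                               f["nonce"], f["nc"], f["cnonce"],
                               f.get("algorithm", "MD5"), "auth")
    ok = hmac.compare_digest(expected, f["response"])
    if ok:
        seen.add(key)
    return ok


# Challenge values from the worked example in RFC 2617 section 3.5.
RFC_USER, RFC_REALM, RFC_PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
RFC_NONCE, RFC_CNONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b"
RFC_URI = "/dir/index.html"


def demo():
    """Run both sides once; returns (header, first_attempt_ok, verbatim_replay_ok)."""
    header = build_authorization(RFC_USER, RFC_PASSWORD, RFC_REALM, "GET", RFC_URI,
                                 RFC_NONCE, RFC_CNONCE)
    users = {RFC_USER: RFC_PASSWORD}      # constructed server-side credential store
    seen = set()
    first = verify_authorization(header, "GET", RFC_REALM, users.get, seen)
    replay = verify_authorization(header, "GET", RFC_REALM, users.get, seen)
    return header, first, replay


if __name__ == "__main__":
    hdr, first, replay = demo()
    print(hdr)
    print("first attempt:", first, "| verbatim replay:", replay)
```

Running the script prints the full Authorization header, in which the user name is plainly visible while the password appears only inside the response hash, followed by True for the first verification and False for the replay. The response for these RFC 2617 inputs is 6629fae49393a05397450978507c4ef1, the value printed in the RFC itself. Changing the HTTP method, the URI or the stored password makes verification fail, because all three are bound into the hash.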

Assuming we have a URL protected with this type of authentication, in Python, it would be as follows:

>>> import requests
>>> from requests.auth import HTTPDigestAuth
>>> response = requests.get(protectedURL, auth=HTTPDigestAuth(user,passwd))

We can use this script to test access to a resource protected with Digest Authentication. The script is similar to the previous one for Basic Authentication; the main difference is that the username and password are sent as Digest credentials to the protected URL, http://httpbin.org/digest-auth/auth/user/pass. HTTPDigestAuth handles the exchange for us: the first request is answered with a 401 and a WWW-Authenticate: Digest challenge, and requests then repeats the request with the computed Authorization header.

In the following screenshot, we can see that with Digest Authentication the Authorization request header carries the username, the realm, the nonce and the algorithm (MD5), together with the computed response:

You can find the following code in the digest_authentication.py file:

#!/usr/bin/env python3
import requests
from requests.auth import HTTPDigestAuth

# httpbin endpoint that accepts the credentials user / pass with Digest auth
url = 'http://httpbin.org/digest-auth/auth/user/pass'

# HTTPDigestAuth answers the 401 challenge with the computed Authorization header
response = requests.get(url, auth=HTTPDigestAuth('user', 'pass'))
print('Response.status_code:' + str(response.status_code))
if response.status_code == 200:
    print('Login successful :' + str(response.json()))