Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Django Rest Framework DigestAuth

Build Status Pypi Package Downloads


This package provides Digest Access Authentication support for Django REST framework.

HTTP Digest requires the server to be able to calculate a hash over the user's username, password, and your realm. Since django.contrib.auth only stores a hash of the user's password, this cannot be used to authenticate HTTP Digest sessions. This package authenticates the session against the token provided by TokenAuthentication.


Install using pip, including any optional packages you want...

$ pip install djangorestframework-digestauth

...or clone the project from github.

$ git clone git@juanriaza/django-rest-framework-digestauth.git
$ cd django-rest-framework-digestauth
$ pip install -r requirements.txt

How to use it?

Check that TokenAuthentication is correctly installed.

This package provides the following authentication scheme:

  • rest_framework_digestauth.authentication.DigestAuthentication.

Follow the docs to set the authentication scheme and you're all done.


By default server-side state (specifically, the client's counter value) is stored in the database via the DigestAuthCounter model, and the "password" value is stored via Django Rest Framework's TokenAuthentication backend. Both of these things can be changed with a custom backend class. You might want to do this if you don't like the performance characteristics of storing this kind thing in your default database.

In order to do this, you should subclass AbstractDigestBackend, which has 3 methods and 1 property.

user - This property contains the user instance for the user attempting to authenticate. Please note that this user is not currently authenticated at this point.

get_password() - This should return a plain text password, or something that can be used in it's place, such as a token. Exactly what is used and how it's generated must be pre-negotiated with all clients.

get_counter(server_nonce, client_nonce) - This should return an integer, which should be equal to the last call to set_counter or None if there was not previously a counter set.

set_counter(server_nonce, client_nonce, counter) - This method should store the counter, to be returned at a later date when get_counter is called.

Once you've implimented a new backend, you can use it with the DIGESTAUTH_BACKEND setting.

DIGESTAUTH_BACKEND = 'myapp.backends.MyDigestBackend'

Running the tests

To run the tests against the current environment:

$ ./ test rest_framework_digestauth



31th Jan 2014

  • Added Python 3 support (thanks to @defrex).


1st Feb 2012

  • First release.


Digest HTTP auth for Django REST framework







No packages published

Contributors 4