Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Zend\Http\Client does not support HTTP Digest Authentication #2646

adamlundrigan opened this Issue · 12 comments

5 participants


Zend\Http\Client::calcAuthDigest` appears to have the workings for Digest Authentication (, but it is not integrated into the request flow.


I've begun working on a fix for this:
In it's current state, the implementation works but is in need of major overhaul/cleanup plus unit tests.


  • nonceCount (nc) and clientNonce (cnonce) should be internalized instead of being set by the user
    (nc is auto-increment; cnonce is random)

  • Handling of response generation when qop value is auth-int may need updating

  • Major refactoring of method calcAuthDigest is necessary

  • Implement "Mock Server" adapter for Client which generates responses containing WWW-Authenticate and Authentication-Info headers where appropriate (necessary for unit testing)

  • Validate implementation of Client::calcAuthDigest method plus the relevant Header classes against RFC 2617

    • Zend\Http\Header\WWWAuthenticate
    • Zend\Http\Header\AuthenticationInfo
    • Zend\Http\Header\Authorization

@adamlundrigan are you still working on this?


@jcrawford I do have plans to come back around to it, but unfortunately I can't make it a priority and won't have time to work on it for at least the next few weeks, possibly months. If you want to move ahead with it feel free to do so


@adamlundrigan I will start to take a look at this for my next contribution :)


Any updates? If not, I might suggest we close this in favor of a PR when it is ready.


I apologize but I have not yet been able to get to diagnosing and fixing this issue. If you close the ticket I will most definitely forget the issue exists lol


haha, ok- well, do you have an idea when you might be able to have a look? :)


I can try to get to it by the end of week next week. I have a few interviews to go on out of town :)


Ok, we'll keep it open for a couple of weeks then, thanks!


@jcrawford and @adamlundrigan

have you some updates?


Apologies I have not been able to get to this and probably will not be able to for a while, you can go ahead and close this and create a PR if you would like. I will be getting back into contributing but I don't have an ETA on when I will be able to fit in the time. I have been travelling quite a bit going to interviews and have been very busy with every day life recently.


Closing; if you're interested in re-opening, create a pull request with an implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.