npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aaqu/node-red-digest-auth

v0.2.0

Published

Node-RED nodes for HTTP Digest Authentication (RFC 7616)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aaquaaqu

Keywords

aaquaaqu-portalnode-reddigestauthenticationhttpauthrfc7616

Readme

@aaqu/node-red-digest-auth

Node-RED nodes for HTTP Digest Authentication (RFC 7616).

Installation

npm install @aaqu/node-red-digest-auth

Or install via the Node-RED Palette Manager.

Development

cd ~/.node-red
npm install /path/to/node-red-digest-auth

Nodes

digest-auth

Middleware node that processes 401 responses and generates Digest Authorization headers.

Inputs:

  • msg.statusCode - Should be 401
  • msg.headers['www-authenticate'] - Digest challenge from server (response headers)
  • msg.url - Request URL
  • msg.method - HTTP method (optional, default: GET)
  • msg.authHeaders - Custom request headers to preserve (optional)
  • msg.payload - Request body for POST/PUT (optional)

Outputs:

  • msg.url - Original request URL
  • msg.method - HTTP method
  • msg.headers - Object with authHeaders + Authorization header
  • msg.payload - Preserved from input (if present)

digest-auth-credentials

Configuration node for storing username and password securely.

Supported Algorithms

| Algorithm | Status | |-----------|--------| | SHA-256 | Recommended | | SHA-256-sess | Supported | | SHA-512-256 | Supported | | SHA-512-256-sess | Supported | | MD5 | Legacy (not recommended) | | MD5-sess | Legacy |

Example Flow

[inject] → [http request] → [switch: 401?] → [digest-auth] → [http request] → [debug]
                                  ↓
                            [debug] (other status)
  1. Inject - Triggers the request with URL
  2. HTTP Request - Sends initial unauthenticated request
  3. Switch - Checks if response is 401
  4. digest-auth - Generates Authorization header from WWW-Authenticate
  5. HTTP Request - Retries with authentication
  6. Debug - Shows the result

Import Example

Go to Menu → Import → Examples → @aaqu/node-red-digest-auth to import a ready-to-use example flow.

Configuration

digest-auth node

| Property | Description | |----------|-------------| | Credentials | Reference to digest-auth-credentials config node | | Algorithm | Preferred algorithm (SHA-256 recommended) | | QoP | Quality of Protection: auth or auth-int |

digest-auth-credentials node

| Property | Description | |----------|-------------| | Name | Optional display name | | Username | Authentication username | | Password | Authentication password (stored securely) |

Using Custom Headers

To send custom headers (like Content-Type, X-API-Key, etc.) with your authenticated request:

  1. Set msg.authHeaders in your inject or function node:

    msg.authHeaders = {
    "Content-Type": "application/json",
    "X-Custom-Header": "value"
};

  2. Configure your first HTTP Request node to use msg.authHeaders for outgoing headers

  3. After digest-auth processes the 401 response, msg.headers will contain:

    • All headers from msg.authHeaders
    • The generated Authorization header

  4. The second HTTP Request node uses msg.headers by default

API

lib/crypto.js

const { calculateDigestResponse, generateCnonce } = require('@aaqu/node-red-digest-auth/lib/crypto');

const response = calculateDigestResponse({
    algorithm: 'SHA-256',
    username: 'user',
    realm: 'example.org',
    password: 'secret',
    method: 'GET',
    uri: '/path',
    nonce: 'server-nonce',
    nc: '00000001',
    cnonce: generateCnonce(),
    qop: 'auth'
});

lib/parser.js

const { parseWWWAuthenticate } = require('@aaqu/node-red-digest-auth/lib/parser');

const challenge = parseWWWAuthenticate('Digest realm="test", nonce="abc123", qop="auth"');
// { realm: 'test', nonce: 'abc123', qop: ['auth'], algorithm: 'MD5' }

lib/formatter.js

const { formatAuthorizationHeader } = require('@aaqu/node-red-digest-auth/lib/formatter');

const header = formatAuthorizationHeader({
    username: 'user',
    realm: 'example.org',
    nonce: 'server-nonce',
    uri: '/path',
    algorithm: 'SHA-256',
    nc: '00000001',
    cnonce: 'client-nonce',
    qop: 'auth',
    response: 'calculated-hash'
});
// 'Digest username="user", realm="example.org", ...'

Security Notes

  • Use SHA-256 - MD5 is deprecated and should only be used for legacy systems
  • Always use TLS - Digest Auth does not protect against MITM attacks
  • Credentials are stored securely - Not exported with flows

References

Changelog

0.2.0 (2026-01-29)

  • Breaking: Clean output from digest-auth node - returns only url, method, headers, and payload
  • Added msg.authHeaders support for custom headers preservation
  • Custom headers from msg.authHeaders are merged with Authorization in output msg.headers
  • Removed msg.digestAuth debug object from output
  • Updated documentation and example flow

0.1.3

  • Fixed npm publish warnings (repository URL, added bugs and homepage fields)
  • Renamed example file to lowercase (basic-digest-auth.json)

0.1.2

  • Fixed GitHub publish workflow

0.1.1

  • Testing GitHub Actions
  • Updated package.json with git repository URL
  • Fixed typos

0.1.0

  • Initial release

License

MIT