http-auth

Introduction

The http-auth library contains client-side routines for HTTP basic and digest access (RFC 2617) authentication.

Requires

syntax-case
matchable
datatype
base64
md5
http
uri-generic
lalr

Library procedures

http:basic-header:: USERNAME * PASSWORD -> AUTH-HEADER

Given a username and password, creates and returns a basic access authorization header in the form of a dotted pair.

http:digest-header:: USERNAME * REALM * NONCE * URI * RESPONSE * OPAQUE * MESSAGE-QOP -> AUTH-HEADER

Creates and returns a digest authorization header. Argument OPAQUE can be #f or a string. Argument MESSAGE-QOP can be #f or one of the variant records AuthInt (nonce-count cnonce H-entity-body), Auth (nonce-count cnonce), or AuthEmpty.

The values for arguments REALM, NONCE, OPAQUE are contained in the server response. The value for argument URI must be obtained via the uri-path procedure in the uri egg. The value for argument RESPONSE is computed by procedure http:digest-response.

http:digest-response:: USERNAME * REALM * PASSWORD * METHOD * DIGEST-URI * NONCE * MESSAGE-QOP [* HA1] -> RESPONSE

Creates and returns a digest response.
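The digest computation these two procedures wrap, as defined in RFC 2617, shown as an added example in Python (not the egg's own Scheme code). The names `md5_hex`, `digest_response` and `digest_header` and the tuple encoding of MESSAGE-QOP are assumptions of this sketch; the sample values are the worked example from RFC 2617, section 3.5.

```python
import hashlib

def md5_hex(text):
    # RFC 2617 H(): lowercase hex MD5. UTF-8 encoding is an assumption of this sketch.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, digest_uri, nonce,
                    qop=None, ha1=None):
    """qop: None, ("auth", nc, cnonce) or ("auth-int", nc, cnonce, h_entity_body)."""
    if ha1 is None:
        ha1 = md5_hex(f"{username}:{realm}:{password}")        # H(A1)
    if qop is None:
        # No qop directive: the RFC 2069-compatible request-digest.
        return md5_hex(f"{ha1}:{nonce}:" + md5_hex(f"{method}:{digest_uri}"))
    kind, nc, cnonce = qop[:3]
    if kind == "auth":
        ha2 = md5_hex(f"{method}:{digest_uri}")                # H(A2)
    elif kind == "auth-int":
        ha2 = md5_hex(f"{method}:{digest_uri}:{qop[3]}")       # body hash binds the entity
    else:
        raise ValueError(f"unsupported qop: {kind!r}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{kind}:{ha2}")

def digest_header(username, realm, nonce, uri, response, opaque=None, qop=None):
    # Returns a (name, value) pair, analogous to the dotted pair the egg returns.
    fields = [f'username="{username}"', f'realm="{realm}"', f'nonce="{nonce}"',
              f'uri="{uri}"', f'response="{response}"']
    if opaque is not None:
        fields.append(f'opaque="{opaque}"')
    if qop is not None:
        # qop and nc are unquoted tokens; cnonce is a quoted string.
        fields += [f"qop={qop[0]}", f"nc={qop[1]}", f'cnonce="{qop[2]}"']
    return ("Authorization", "Digest " + ", ".join(fields))

# Sample values from the worked example in RFC 2617, section 3.5.
RFC_ARGS = ("Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
            "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093")
RFC_QOP = ("auth", "00000001", "0a4f113b")

if __name__ == "__main__":
    resp = digest_response(*RFC_ARGS, qop=RFC_QOP)
    print(digest_header("Mufasa", "testrealm@host.com", RFC_ARGS[5],
                        "/dir/index.html", resp,
                        opaque="5ccc069c403ebaf9f0171e9517f40e41", qop=RFC_QOP))
```

Supplying `ha1` lets a client keep H(A1) instead of the cleartext password, but H(A1) is password-equivalent for that username and realm and needs the same protection.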

http:authenticate:: RESPONSE-HANDLER * GET-USER+PW * REQUEST * RETRY? [* AUTH-STATE] -> ...

An implementation of an HTTP authentication state machine.

Argument RESPONSE-HANDLER is a procedure of the form LAMBDA STATUS * RESPONSE-ATTRS * IN * OUT * QOP-STATE -> ....
Argument GET-USER+PW is a procedure of the form LAMBDA AUTH-TYPE * REALM -> USERNAME * PASSWORD, where AUTH-TYPE is one of 'BASIC or 'DIGEST.
Argument REQUEST is an HTTP request object.
Argument RETRY? can be a positive integer to specify the number of authentication retries, or a boolean (#t or #f).
AUTH-STATE is a list [QOP-STATE RESPONSE-FST RESPONSE-ATTRS RESPONSE-IN RESPONSE-OUT].

When first called with an empty AUTH-STATE, this procedure sends the request as-is. If the server returns 401 Unauthorized and argument RETRY? is not #f, the procedure parses the WWW-Authenticate header returned by the server, creates an authorization header for basic or digest authentication, and resends the request. If the server returns a code other than 401, the response handler is invoked with the server response as arguments.

Example

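(use http-utils)
(use http-client)
(use http-auth)

;; Response handler: closes both ports, then prints the status and headers.
(define (default-handler status headers in out . rest)
  (close-input-port in)
  (close-output-port out)
  (print "Status: " status)
  (print "Headers: " headers))

;; Send a GET request; on 401 the credentials callback is asked for a
;; username and password for the given auth type and realm.
(http:authenticate default-handler
 (lambda (auth-type realm) (list "user" "password"))
 (http:make-request 'GET "http://server/") #t)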

Authors

Ivan Raikov

Version

1.6
Now using uri-generic instead of uri library
1.5
Bug fix in digest authentication
1.3
Bug fix in basic authentication
1.2
Added lalr as a dependency
1.1
Documentation updates
1.0
Initial version

License

Copyright 2008 Ivan Raikov.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

A full copy of the GPL license can be found at <http://www.gnu.org/licenses/>.