You are looking at historical revision 11507 of this page. It may differ significantly from its current revision.
The http-auth library contains client-side routines for HTTP basic and digest access (RFC 2617) authentication.
http:basic-header:: USERNAME * PASSWORD -> AUTH-HEADER
Given a username and password, creates and returns a basic access authorization header in the form of a dotted pair.
http:digest-header:: USERNAME * REALM * NONCE * URI * RESPONSE * OPAQUE * MESSAGE-QOP -> AUTH-HEADER
Creates and returns a digest authorization header. Argument OPAQUE can be #f or a string. Argument MESSAGE-QOP can be #f or one of the variant records AuthInt (nonce-count cnonce H-entity-body), Auth (nonce-count cnonce), or AuthEmpty.
The values for arguments REALM, NONCE, OPAQUE are contained in the server response. The value for argument URI must be obtained via the uri-path procedure in the uri egg. The value for argument RESPONSE is computed by procedure http:digest-response.
http:digest-response:: USERNAME * REALM * PASSWORD * METHOD * DIGEST-URI * NONCE * MESSAGE-QOP [* HA1] -> RESPONSE
Creates and returns digest response.
http:authenticate:: RESPONSE-HANDLER * GET-USER+PW * REQUEST * RETRY? [* AUTH-STATE] -> ...
An implementation of an HTTP authentication state machine.
- Argument RESPONSE-HANDLER is a procedure of the form LAMBDA STATUS * RESPONSE-ATTRS * IN * OUT * QOP-STATE -> ....
- Argument GET-USER+PW is a procedure of the form LAMBDA AUTH-TYPE * REALM -> USERNAME * PASSWORD, where AUTH-TYPE is one of 'BASIC or 'DIGEST.
- Argument REQUEST is an HTTP request object.
- Argument RETRY? can be a positive integer to specify number of authentication retries, or a boolean (#t or #f).
- AUTH-STATE is a list [QOP-STATE RESPONSE-FST RESPONSE-ATTRS RESPONSE-IN RESPONSE-OUT].
When first called with an empty AUTH-STATE, this procedure sends he request as-is. If the server returns 401 Unauthorized and argument RETRY? is not #F, the procedure parses the WWW-Authenticate header returned by the server, creates an authorization header for basic or digest authentication, and resends the request. If the server returns a code other than 401, the response handler is invoked with the server response as arguments.
(use http-utils) (use http-client) (use http-auth)
(define (default-handler status headers in out . rest) (close-input-port in) (close-output-port out) (print "Status: " status) (print "Headers: " headers))
(http:authenticate default-handler (lambda (auth-type realm) (list "user" "password")) (http:make-request 'GET "http://server/") #t)
- Bug fix in digest authentication
- Bug fix in basic authentication
- Added lalr as a dependence
- Documentation updates
- Initial version
Copyright 2008 Ivan Raikov.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
A full copy of the GPL license can be found at <http://www.gnu.org/licenses/>.