DigestCredential
Class DigestCredential.
Represents the parsed credential set for HTTP Digest Authentication (RFC 7616). Digest Authentication uses a challenge–response mechanism that avoids transmitting passwords in plaintext, but several fields remain highly sensitive because they directly participate in the hash computation or reflect secret client state.
Implementations handling this class MUST treat the response, cnonce,
nonce, and nc parameters as sensitive information. These values
MUST NOT be logged, exposed, or included in error messages. While the
original password is not transmitted, the combination of these fields
MAY allow offline credential recovery if leaked.
The username, realm, and uri fields generally do not contain
secret information, though they SHOULD still be handled carefully.
- Full name: `\FastForward\Http\Message\Header\Authorization\DigestCredential`
- This class is marked as final and can't be subclassed
- This class implements: `\FastForward\Http\Message\Header\Authorization\AuthorizationCredential`
- This class is a Final class
- `public string $username`
- `public string $realm`
- `public string $nonce`
- `public string $uri`
- `public string $response`
- `public string $qop`
- `public string $nc`
- `public string $cnonce`
- `public ?string $opaque`
- `public ?string $algorithm`

Creates a Digest Authentication credential.

```php
public __construct(string $username, string $realm, string $nonce, string $uri, string $response, string $qop, string $nc, string $cnonce, string|null $opaque = null, string|null $algorithm = null): mixed
```

Sensitive parameters are annotated with #[\SensitiveParameter] to
ensure that debugging output and exception traces do not reveal
confidential values used in the authentication hash.
Parameters:
| Parameter | Type | Description |
|---|---|---|
| `$username` | string | the username supplied by the client |
| `$realm` | string | the challenge-provided realm value |
| `$nonce` | string | the server-generated nonce used in hashing |
| `$uri` | string | the requested URI |
| `$response` | string | the computed digest response hash |
| `$qop` | string | the quality of protection value |
| `$nc` | string | the nonce count, incremented by the client |
| `$cnonce` | string | the client-generated nonce |
| `$opaque` | string\|null | optional server-provided opaque value |
| `$algorithm` | string\|null | algorithm identifier, usually "MD5" |
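
The following is an added example, not part of the FastForward code base, showing one way to build a log-safe view of the credential. `#[\SensitiveParameter]` replaces argument values in stack traces only, so the public properties still appear in `var_dump()`, `json_encode()` and logger context unless they are redacted first. `digestLogContext()` and `StandInDigestCredential` are hypothetical names, and which constructor parameters carry the attribute is an assumption.

```php
<?php
declare(strict_types=1); // #[\SensitiveParameter] requires PHP 8.2+

// Fields the page says MUST NOT be logged or included in error messages.
const DIGEST_SENSITIVE_FIELDS = ['response', 'cnonce', 'nonce', 'nc'];

// Constructed stand-in using the property names documented above.
// Which parameters are annotated is an assumption, not the project's code.
final class StandInDigestCredential
{
    public function __construct(
        public string $username,
        public string $realm,
        #[\SensitiveParameter] public string $nonce,
        public string $uri,
        #[\SensitiveParameter] public string $response,
        public string $qop,
        #[\SensitiveParameter] public string $nc,
        #[\SensitiveParameter] public string $cnonce,
        public ?string $opaque = null,
        public ?string $algorithm = null,
    ) {}
}

/**
 * Hypothetical helper: copy the credential's public properties into an
 * array and mask the sensitive ones before the array reaches a logger.
 * Works on any object exposing these property names.
 */
function digestLogContext(object $credential): array
{
    $context = get_object_vars($credential); // public properties only
    foreach (DIGEST_SENSITIVE_FIELDS as $field) {
        if (array_key_exists($field, $context)) {
            $context[$field] = '[redacted]';
        }
    }
    return $context;
}

// Constructed sample values, not taken from a real exchange.
$credential = new StandInDigestCredential(
    'alice', 'example-realm', 'constructed-nonce', '/protected',
    'constructed-response', 'auth', '00000001', 'constructed-cnonce',
);
echo json_encode(digestLogContext($credential), JSON_PRETTY_PRINT), PHP_EOL;
```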