Hacker Newsnew | comments | show | ask | jobs | submit login

There are many types of digest authentication - OAuth1.0a and Amazon's and Stormpath's custom schemes are examples. Browser-specific digest authentication wasn't covered however since the article was about REST APIs and most REST clients are not browsers.

I'm pretty sure he means RFC 2617 Digest authentication. There's nothing browser-specific about it.


I gathered as much. But in practice, how often do you see RFC 2617 Digest authc used in non-browser scenarios? (I'm genuinely curious. I haven't seen it used much at all outside of web browsers, so I'm curious what others may have come across).


I've written Atom Publishing Protocol servers that use it. It's not badly-suited for non-browser tasks (although yes, SSL and Basic is much simpler - if you don't mind paying for the certificate). It's unusual, but it's pretty unusual to use it (or Basic) for web browsers these days, too.


Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact