DigestCredential

Class
Read only: Yes Final: Yes

Class DigestCredential.

Description

Represents the parsed credential set for HTTP Digest Authentication (RFC 7616). Digest Authentication uses a challenge–response mechanism that avoids transmitting passwords in plaintext, but several fields remain highly sensitive because they directly participate in the hash computation or reflect secret client state.

Implementations handling this class MUST treat the response, cnonce, nonce, and nc parameters as sensitive information. These values MUST NOT be logged, exposed, or included in error messages. While the original password is not transmitted, the combination of these fields MAY allow offline credential recovery if leaked.

The username, realm, and uri fields generally do not contain secret information, though they SHOULD still be handled carefully.

Table of Contents

Interfaces

AuthorizationCredential

Interface AuthorizationCredential.

Properties

 : string|null
 : string
 : string
 : string
 : string|null
 : string
 : string
 : string
 : string
 : string

Methods

__construct()

Creates a Digest Authentication credential.

 : mixed
Properties

$response

Public
public string $response
Attributes
#[SensitiveParameter]
Methods

__construct()

Public

Creates a Digest Authentication credential.

public __construct( string  $username, string  $realm, string  $nonce, string  $uri, string  $response, string  $qop, string  $nc, string  $cnonce[, string|null  $opaque = null][, string|null  $algorithm = null]) : mixed

Description

Sensitive parameters are annotated with #[\SensitiveParameter] to ensure that debugging output and exception traces do not reveal confidential values used in the authentication hash.

Parameters
$username : string

Description

the username supplied by the client

$realm : string

Description

the challenge-provided realm value

$nonce : string

Description

the server-generated nonce used in hashing

$uri : string

Description

the requested URI

$response : string

Description

the computed digest response hash

$qop : string

Description

the quality of protection value

$nc : string

Description

the nonce count, incremented by the client

$cnonce : string

Description

the client-generated nonce

$opaque : string|null = null

Description

optional server-provided opaque value

$algorithm : string|null = null

Description

algorithm identifier, usually "MD5"
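
The trace redaction described for __construct(), as an added example that is not code from this library. parseDigest() and logSafeView() are hypothetical stand-ins, the choice to annotate nonce, response, nc and cnonce follows the class description above rather than the library's source, and all values are constructed. It requires PHP 8.2 or later.

```php
<?php
// Added illustration, requires PHP 8.2+. parseDigest() is a hypothetical stand-in,
// not the library's constructor; every value below is a constructed sample.
function parseDigest(
    string $username,
    string $realm,
    #[\SensitiveParameter] string $nonce,
    string $uri,
    #[\SensitiveParameter] string $response,
    string $qop,
    #[\SensitiveParameter] string $nc,
    #[\SensitiveParameter] string $cnonce,
): never {
    throw new InvalidArgumentException('malformed Digest credential');
}

// Keep only the fields the class description treats as non-secret before logging.
function logSafeView(array $fields): array
{
    $safe = array_intersect_key($fields, array_flip(['username', 'realm', 'uri']));
    return $safe + ['redacted' => array_keys(array_diff_key($fields, $safe))];
}

// Production php.ini usually drops trace arguments entirely; enable them here
// so the effect of the attribute is visible.
ini_set('zend.exception_ignore_args', '0');

$fields = [
    'username' => 'alice',
    'realm'    => 'example',
    'nonce'    => 'constructed-nonce',
    'uri'      => '/index.html',
    'response' => str_repeat('ab', 16),
    'qop'      => 'auth',
    'nc'       => '00000001',
    'cnonce'   => 'constructed-cnonce',
];

try {
    parseDigest(...$fields);
} catch (InvalidArgumentException $e) {
    foreach ($e->getTrace()[0]['args'] as $i => $arg) {
        $shown = $arg instanceof SensitiveParameterValue ? '[SensitiveParameterValue]' : $arg;
        echo "arg $i: $shown\n";
    }
}

echo json_encode(logSafeView($fields)), "\n";
```

The attribute only affects stack traces and debug output built from them; a value passed explicitly to a logger or var_dump() is still written in full, which is why the allow-list view is applied separately.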