Problem
The SDK parses RFC 7235 WWW-Authenticate challenges and ships a Basic (RFC 7617) challenge handler. Digest access authentication (RFC 7616) is not yet implemented.
Proposed direction
Add a DigestChallengeHandler supporting MD5, MD5-sess, SHA-256, and SHA-256-sess, slotting into the existing ChallengeHandler / CompositeChallengeHandler abstraction.
Considerations
- BCL crypto (System.Security.Cryptography) only; trim/AOT-safe.
- qop=auth, nonce-count (nc), and client-nonce (cnonce) generation; a single re-auth round-trip on 401.
- Additive — no public API changes to the auth surface.
Context
Modern APIs overwhelmingly use bearer or API-key auth, so Digest is deferred from the initial auth work to keep scope tight. The Java and Python SDKs include a Digest handler; this tracks .NET parity.
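For reference, the RFC 7616 qop=auth response computation the proposed handler would need, using only System.Security.Cryptography. This is an added sketch, not code from this issue or from the SDK; `DigestSketch`, its method names, and all sample values are hypothetical, and it assumes .NET 6 or later and UTF-8 encoding of the hashed strings.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical sketch, not the SDK's DigestChallengeHandler.
static class DigestSketch
{
    // H(data) as lowercase hex; an unrecognised algorithm token is rejected, not downgraded.
    static string H(string alg, string data)
    {
        byte[] d = Encoding.UTF8.GetBytes(data); // assumes charset=UTF-8
        byte[] h = alg.ToUpperInvariant() switch
        {
            "MD5" or "MD5-SESS" => MD5.HashData(d),
            "SHA-256" or "SHA-256-SESS" => SHA256.HashData(d),
            _ => throw new NotSupportedException($"Digest algorithm '{alg}'"),
        };
        return Convert.ToHexString(h).ToLowerInvariant();
    }

    // Client nonce: 16 bytes from the CSPRNG, generated per request.
    public static string NewCnonce() =>
        Convert.ToHexString(RandomNumberGenerator.GetBytes(16)).ToLowerInvariant();

    // RFC 7616 response for qop=auth: H( H(A1) : nonce : nc : cnonce : "auth" : H(A2) ).
    public static string Response(string alg, string user, string realm, string password,
        string method, string uri, string nonce, uint nonceCount, string cnonce)
    {
        string ha1 = H(alg, $"{user}:{realm}:{password}");
        if (alg.EndsWith("-sess", StringComparison.OrdinalIgnoreCase))
            ha1 = H(alg, $"{ha1}:{nonce}:{cnonce}"); // -sess binds A1 to this nonce pair
        string ha2 = H(alg, $"{method}:{uri}");
        return H(alg, $"{ha1}:{nonce}:{nonceCount:x8}:{cnonce}:auth:{ha2}");
    }

    static void Main()
    {
        // Constructed challenge values and credentials, for illustration only.
        const string alg = "SHA-256", realm = "api@example.test", nonce = "c29tZS1zZXJ2ZXItbm9uY2U";
        const string user = "demo", password = "not-a-real-password", uri = "/v1/items";
        uint nc = 1; // incremented for every request that reuses the same server nonce
        string cnonce = NewCnonce();
        string response = Response(alg, user, realm, password, "GET", uri, nonce, nc, cnonce);
        Console.WriteLine($"Authorization: Digest username=\"{user}\", realm=\"{realm}\", " +
            $"nonce=\"{nonce}\", uri=\"{uri}\", algorithm={alg}, qop=auth, nc={nc:x8}, " +
            $"cnonce=\"{cnonce}\", response=\"{response}\"");
    }
}
```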