Skip to content
This repository has been archived by the owner on Jun 27, 2019. It is now read-only.

Commit

Permalink
Document digest auth
Browse files Browse the repository at this point in the history
  • Loading branch information
@eliangcs
eliangcs committed Oct 24, 2018
1 parent 961bb99 commit dc4792b
Show file tree
Hide file tree
Showing 4 changed files with 99 additions and 0 deletions.
14 changes: 14 additions & 0 deletions README-source.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,20 @@ Useful if your app requires two pieces of information to authentication: `userna
[insert-file:./snippets/basic-auth.js]
```

### Digest

*New in v7.4.0.*

The setup and user experience of Digest Auth is identical to Basic Auth. Users will provide Zapier their username and password. And Zapier will handle all the nonce and quality of protection details automatically.

This comment has been minimized.

Sign in to view

Copy link
@xavdid

xavdid Oct 24, 2018

Contributor

Super minor, but I'd change ...their username and password. And Zapier to ...their username and password and Zapier

> Example App: check out https://github.com/zapier/zapier-platform-example-app-digest-auth for a working example app for digest auth.
> Currently, only MD5 algorithm is supported. And server nonces are not reused. That means for every `z.request` call, Zapier will sends an additional request beforehand to get the server nonce. This could be slightly slower than Basic Auth.

This comment has been minimized.

Sign in to view

Copy link
@xavdid

xavdid Oct 24, 2018

Contributor

change to only the MD5 algo

This comment has been minimized.

Sign in to view

Copy link
@xavdid

xavdid Oct 24, 2018

Contributor

same as above, ...supported. And server -> ...supported and server.

Though, it's worth separating them if we'll support other algorithms in the future, but won't ever re-use server nonces. If that's the case, I'd separate them.

> Currently, only the MD5 algorithm is supported. 

> Server nonces are not reused, so before every `z.request` call, Zapier will make an _additional_ request beforehand to get a fresh nonce. Because of the extra requests, there will be more load on your server than with Basic Auth.

I wouldn't talk about speed, since while it is slower (extra request), it's not really an issue because the zap will still complete eventually.
```js
[insert-file:./snippets/digest-auth.js]
```

### Custom

This is what most "API Key" driven apps should default to using. You'll likely provide some custom `beforeRequest` middleware or a `requestTemplate` to complete the authentication by adding/computing needed headers.
Expand Down
30 changes: 30 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ Zapier is a platform for creating integrations and workflows. This CLI is your g
- [Converting an Existing App](#converting-an-existing-app)
- [Authentication](#authentication)
* [Basic](#basic)
* [Digest](#digest)
* [Custom](#custom)
* [Session](#session)
* [OAuth2](#oauth2)
Expand Down Expand Up @@ -444,6 +445,35 @@ const App = {

```

### Digest

*New in v7.4.0.*

The setup and user experience of Digest Auth is identical to Basic Auth. Users will provide Zapier their username and password. And Zapier will handle all the nonce and quality of protection details automatically.

> Example App: check out https://github.com/zapier/zapier-platform-example-app-digest-auth for a working example app for digest auth.
> Currently, only MD5 algorithm is supported. And server nonces are not reused. That means for every `z.request` call, Zapier will sends an additional request beforehand to get the server nonce. This could be slightly slower than Basic Auth.
```js
const authentication = {
type: 'digest',
// "test" could also be a function
test: {
url: 'https://example.com/api/accounts/me.json'
},
connectionLabel: '{{bundle.authData.username}}' // Can also be a function, check digest auth below for an example
// you can provide additional fields, but we'll provide `username`/`password` automatically
};

const App = {
// ...
authentication: authentication
// ...
};

```

### Custom

This is what most "API Key" driven apps should default to using. You'll likely provide some custom `beforeRequest` middleware or a `requestTemplate` to complete the authentication by adding/computing needed headers.
Expand Down
40 changes: 40 additions & 0 deletions docs/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,7 @@ <h2 class="docs-header__platform-title">Developer Platform</h2>
<li><a href="#converting-an-existing-app">Converting an Existing App</a></li>
<li><a href="#authentication">Authentication</a><ul>
<li><a href="#basic">Basic</a></li>
<li><a href="#digest">Digest</a></li>
<li><a href="#custom">Custom</a></li>
<li><a href="#session">Session</a></li>
<li><a href="#oauth2">OAuth2</a></li>
Expand Down Expand Up @@ -458,6 +459,7 @@ <h2 id="table-of-contents">Table of Contents</h2>
<li><a href="#converting-an-existing-app">Converting an Existing App</a></li>
<li><a href="#authentication">Authentication</a><ul>
<li><a href="#basic">Basic</a></li>
<li><a href="#digest">Digest</a></li>
<li><a href="#custom">Custom</a></li>
<li><a href="#session">Session</a></li>
<li><a href="#oauth2">OAuth2</a></li>
Expand Down Expand Up @@ -1168,6 +1170,44 @@ <h3 id="basic">Basic</h3>
<span class="hljs-comment">// ...</span>
};

</code></pre>
</div>
</div>
</div><div class="row">
<div class="row-height">
<div class="col-md-5 col-sm-12 col-height docs-primary">
<h3 id="digest">Digest</h3>
</div>
<div class="col-md-7 col-sm-12 col-height is-empty docs-code">

</div>
</div>
</div><div class="row">
<div class="row-height">
<div class="col-md-5 col-sm-12 col-height docs-primary">
<p><em>New in v7.4.0.</em></p><p>The setup and user experience of Digest Auth is identical to Basic Auth. Users will provide Zapier their username and password. And Zapier will handle all the nonce and quality of protection details automatically.</p><blockquote>
<p>Example App: check out <a href="https://github.com/zapier/zapier-platform-example-app-digest-auth">https://github.com/zapier/zapier-platform-example-app-digest-auth</a> for a working example app for digest auth.</p>
</blockquote><blockquote>
<p>Currently, only MD5 algorithm is supported. And server nonces are not reused. That means for every <code>z.request</code> call, Zapier will sends an additional request beforehand to get the server nonce. This could be slightly slower than Basic Auth.</p>
</blockquote>
</div>
<div class="col-md-7 col-sm-12 col-height docs-code">
<pre><code class="lang-js"><span class="hljs-keyword">const</span> authentication = {
<span class="hljs-attr">type</span>: <span class="hljs-string">&apos;digest&apos;</span>,
<span class="hljs-comment">// &quot;test&quot; could also be a function</span>
test: {
<span class="hljs-attr">url</span>: <span class="hljs-string">&apos;https://example.com/api/accounts/me.json&apos;</span>
},
<span class="hljs-attr">connectionLabel</span>: <span class="hljs-string">&apos;{{bundle.authData.username}}&apos;</span> <span class="hljs-comment">// Can also be a function, check digest auth below for an example</span>
<span class="hljs-comment">// you can provide additional fields, but we&apos;ll provide `username`/`password` automatically</span>
};

<span class="hljs-keyword">const</span> App = {
<span class="hljs-comment">// ...</span>
authentication: authentication
<span class="hljs-comment">// ...</span>
};

</code></pre>
</div>
</div>
Expand Down
15 changes: 15 additions & 0 deletions snippets/digest-auth.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
const authentication = {
type: 'digest',
// "test" could also be a function
test: {
url: 'https://example.com/api/accounts/me.json'
},
connectionLabel: '{{bundle.authData.username}}' // Can also be a function, check digest auth below for an example
// you can provide additional fields, but we'll provide `username`/`password` automatically
};

const App = {
// ...
authentication: authentication
// ...
};

0 comments on commit dc4792b

Please sign in to comment.