Digest authentication and Google Apps Script

The other day I was looking around for an example of how to do digest authentication in Google Apps Script (or even plain javascript). I found plenty of theoretical discussions on it, but no actual examples. So here’s an implementation walkthrough. You can include it live in your Google Apps Script Project from the mcpher shared library  or just copy the code.

What is Digest Authentication

Working with GAS, you’ll probably be more familiar with oAuth2, which is supported well through the UrlFetchApp class. However some APIS still use Basic authentication, or the slightly more secure Digest Authentication. Here is a wikipedia write up of it, and here is the RFC describing Digest Authentication in detail.

Worked example

We’ll use the real estate exchange format, defined here , as an example.

Step 1. Initialize the workflow


  • muteHttpExceptions is (I think undocumented) option that prevents urlfetch from crashing out and returning a null response
  • this.danceStep1 WWW-Authenticate header looks like this, and a 401 status code is returned. What we need from this to construct the next request is the nonce, qop, and realm from the WWW-Authenticate header. Other implementations also return a few other things like encoding algorithm, domain and the opaque value.
  • It’s quite fiddly to parse the header- for some fields there are quotes – for others there are not. I wont go into the details of that here, but the parsing code is included in the code implementation.

Step 2 – construct the digest

Using this code, we construct a digest header like this as per  Digest Authentication in detail.

Some of the intermediate values look like this,

Step 3 – Finish the workflow

Now we can respond to that 401, this time we should get a 200 ok reponse
Where this.digest() looks like this

The Code

The digest auth code is accessible through the cDigestAuth object which you can include in your project from the mcpher shared library like this, or just copy the code from here.
Here’s the test
your credentials should come from some secret place, for example scriptDB or script properties, and should return an object like this

Here’s the complete code for cDigestAuth

About brucemcp 223 Articles
I am a Google Developer Expert and decided to investigate Google Apps Script in my spare time. The more I investigated the more content I created so this site is extremely rich. Now, in 2019, a lot of things have disappeared or don’t work anymore due to Google having retired some stuff. I am however leaving things as is and where I came across some deprecated stuff, I have indicated it. I decided to write a book about it and to also create videos to teach developers who want to learn Google Apps Script. If you find the material contained in this site useful, you can support me by buying my books and or videos.

Be the first to comment

Leave a Reply

Your email address will not be published.


1 × one =