AnsweredAssumed Answered

Curl test fail in POSTMAN but work in GOOGLE ARC

Question asked by KevinMortimer on Dec 11, 2018



Trying to get a DIGEST AUTHORIZATION insert from URL working. Doing tests in POSTMAN gives error, however the same curl options succeed in Google ARC.


All the required hashing that filemaker uses to create the response is correct because i take them from Filemaker and use to test in Google ARC which produces 200 OK result. But when i test in Filemaker following error is given "[1627] Authentication failed" and postman gives an error of  "Your credentials used for hashing are invalid."


-X POST --digest -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Digest nonce=\"secretKey\",nc=\"63680140743896\",cnonce=\"d70ea3773061ea4ab9e7090be20c91ad\",qop=\"auth\",username=\"username\",uri=\"/digestAuth\",response=\"feb9c3b96e1a8024425582e66aabc868\"" -D $return_headers


Can anyone shed some light on why Filemaker and POSTMAN fail while GoogleARC succeeds and if my above Filemaker curl is correct. POSTMAN produces a different response to the one created in Filemaker which works in GOOGLE ARC. Response is created using following and all MD5 hashes have to be in lowercase. I am guessing that POSTMAN has its own way of creating the response which does not meet the below criteria

Response        =       md5(md5(validUser:realm:md5(password)):nonce:nc:cnonce:qop:md5(POST:uri))