So you were far on your way. I made a testcase tonight against the postman-echo service available for test purposes to test rest calls of which digest auth is one.(See informative urls below)
So I build a microflow(see modelshare below) which basically does the first request to the postman-echo service acquiring the authentication details. I then get the header "WWW-Authenticate" from the 401 result which consists in my case out of the following string:
"Digest realm="Users", nonce="Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9", qop="auth"".
After extracting necesairly values i then go calculating the hashes. I created a java action for this with the following line of code:
After i've implemented this I can start with the first part, username in this case is "postman" and pass is "password". You can find the information for this call in the Url's below.
then i go calculate the 2nd hash
Then as last i calculate the final response value to return with the authentication string:
Response= md5(ha1:nonce:ha2) = md5(d38e52b6bfcc38db1b146835e4e78d4a:Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9:d44208d61728db39ce092dd4d9a3e278)
Now we're ready to setup the authtentication string. In this case that would be:
Digest username="postman", realm="Users", nonce="Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9", uri="/digest-auth", response="2113c6a0a925b5a101ab2d85e05b7031", opaque=""
I hope this helps you on the way.
Could the solution suggested by Faried in the following topic help you?
He basically suggest combining username and pass in a md5 hashed string and add this combination to the header for authentication.