
Support Windows Authentication

rubytech-avsorokin · a year ago
Released · Feature Request · Question

Is there any way to implement a plugin that supports NTLM/Kerberos auth?

When I try to negotiate an NTLM request, it closes the connection instead of keeping it alive.

So NTLM does not work as expected.

HTTP(s) globalAgent has a keepAlive property set to ‘true’

Windows · 2025.3.1

Comments (6)


Gregory Schier

Can you provide more detail? Are you trying to write an NTLM plugin yourself? If so, can you post the code so I can see what you’re doing?

rubytech-avsorokin OP
import { PluginDefinition, HttpRequest } from "@yaakapp/api";

/// deps in package.json "httpntlm": "^1.8.13"
const ntlm = require('httpntlm').ntlm;


export const plugin: PluginDefinition = {
    authentication: {
        name: 'windows',
        label: 'NTLM Auth',
        shortLabel: 'NTLM',
        args: [{
            type: 'text',
            name: 'username',
            label: 'Username',
            optional: true,
        }, {
            type: 'text',
            name: 'password',
            label: 'Password',
            optional: true,
            password: true,
        }],
        async onApply(_ctx, { values, method, url }) {

            const { username, password } = values;

            const negotiateRequest = ntlm.createType1Message({}); 
            
            const httpRequest: Partial<HttpRequest> = {
                method,
                url,
                headers: [
                    { name: 'Authorization', value: negotiateRequest },
                    { name: 'Connection', value: 'keep-alive' },
                ],
            };

            const negotiateResponse  = await _ctx.httpRequest.send({ httpRequest });
            /// HTTP header names are case-insensitive, so compare in lower case
            const wwwAuthenticateHeader = negotiateResponse.headers
                .find(h => h.name.toLowerCase() === 'www-authenticate')
                ?.value;
            
            if (!wwwAuthenticateHeader) {
                throw new Error('Unable to negotiate NTLM authentication, check if www-authenticate response header is present.');
            }
            const type2 = ntlm.parseType2Message(wwwAuthenticateHeader);
            const type3 = ntlm.createType3Message(type2, { username, password });
           
            /// This code block is for debugging only,
            const debugCodeBlock = 1;
            if (debugCodeBlock) {
                debugger;
                /// takes 401 here due to connection close 
                const authedResponse = await _ctx.httpRequest.send({ httpRequest: {
                        method,
                        url,
                        headers: [
                            { name: 'Authorization', value: type3 },
                            { name: 'Connection', value: 'keep-alive' },
                        ],
                    } });


                console.log(authedResponse);
            }
            /// End of debug code block 
            
            return { setHeaders: [
                { name: 'Authorization', value: type3 },
            ] };
        },
    },
};

Sure!

Gregory Schier

Thanks for that! I think this should start working if I make the plugin-triggered requests share the same connection as the original.

Gregory Schier

Not sure if you're still using Yaak, but I've added NTLM in the latest beta. I don't have a proper server to test against, though, so help here would be appreciated!

https://yaak.app/blog/2025.9.0-beta.4

Gregory Schier
SoftExpert

NTLM does not work in the current form - tested with the latest 2026.2.0 and also 2026.2.1-beta1.

The following public site can help with authentication tests:

https://authenticationtest.com/

The bad thing is that there are no visible traces in the timeline that could have helped with the diagnostics. The current approach for displaying the results washes up too much of the raw data, thus hiding details that could be important.

The only visible cue is the message “Plugin error: Couldn’t find NTLM in the message type2 coming from the server” displayed on top of the response area.
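
A diagnostic sketch for the two failures reported in this thread (the 401 after the Type 3 message, and the "Couldn't find NTLM in the message type2" error), added here as an example and not taken from Yaak or httpntlm: it classifies the `WWW-Authenticate` value(s) of a 401 and decodes a Type 2 challenge. The names `diagnoseNtlm401` and `sampleType2` are hypothetical, and the sample message is constructed.

```typescript
// Added diagnostic example (not Yaak or httpntlm code).
type NtlmDiagnosis =
  | { kind: 'no-ntlm-offered'; schemes: string[] }
  | { kind: 'bare-ntlm' } // NTLM offered without a token: handshake (re)starts
  | { kind: 'malformed'; reason: string }
  | { kind: 'challenge'; flags: number; serverChallenge: string; targetName: string };

const NTLMSSP = Buffer.from('NTLMSSP\0', 'latin1');
const FLAG_UNICODE = 0x00000001; // NTLMSSP_NEGOTIATE_UNICODE

function diagnoseNtlm401(headerValues: string[]): NtlmDiagnosis {
  // Values may be comma-joined; scheme names are case-insensitive.
  const parts = headerValues.flatMap(v => v.split(',')).map(p => p.trim()).filter(Boolean);
  const ntlm = parts.map(p => /^NTLM(?:\s+(\S+))?$/i.exec(p)).find(m => m !== null);
  if (!ntlm) {
    const schemes = parts.map(p => p.split(/\s+/)[0]).filter(s => !s.includes('='));
    return { kind: 'no-ntlm-offered', schemes };
  }
  if (!ntlm[1]) return { kind: 'bare-ntlm' };
  const msg = Buffer.from(ntlm[1], 'base64');
  if (msg.length < 32 || !msg.subarray(0, 8).equals(NTLMSSP)) {
    return { kind: 'malformed', reason: 'missing NTLMSSP signature or truncated' };
  }
  const msgType = msg.readUInt32LE(8);
  if (msgType !== 2) return { kind: 'malformed', reason: `message type ${msgType}, expected 2` };
  const nameLen = msg.readUInt16LE(12); // TargetNameFields: len, maxLen, offset
  const nameOff = msg.readUInt32LE(16);
  const flags = msg.readUInt32LE(20); // NegotiateFlags
  if (nameOff + nameLen > msg.length) return { kind: 'malformed', reason: 'target name out of bounds' };
  const enc = flags & FLAG_UNICODE ? 'utf16le' : 'latin1';
  const serverChallenge = msg.subarray(24, 32).toString('hex');
  const targetName = msg.subarray(nameOff, nameOff + nameLen).toString(enc);
  return { kind: 'challenge', flags, serverChallenge, targetName };
}

// Constructed sample Type 2 message (not captured traffic).
function sampleType2(): string {
  const name = Buffer.from('EXAMPLE', 'utf16le');
  const head = Buffer.alloc(48); // fixed fields up to TargetInfoFields
  NTLMSSP.copy(head, 0);
  head.writeUInt32LE(2, 8); // MessageType = 2 (challenge)
  head.writeUInt16LE(name.length, 12);
  head.writeUInt16LE(name.length, 14);
  head.writeUInt32LE(head.length, 16); // target name follows the header
  head.writeUInt32LE(0x00008201, 20); // UNICODE | NTLM | ALWAYS_SIGN
  Buffer.from('0123456789abcdef', 'hex').copy(head, 24); // ServerChallenge
  return Buffer.concat([head, name]).toString('base64');
}
```

A `bare-ntlm` result on the response to the Type 3 message is what a server returns when that message arrives on a different TCP connection than the Type 1, since NTLM over HTTP authenticates the connection rather than the request.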
