Fix: Parse qop parameter in Proxy-Authenticate header

[lexifdev]

While integrating with Twilio, I encountered an issue during SIP registration.

The SIP server responded with a 407 Proxy Authentication Required message, including a Proxy-Authenticate header like the following:

SIP/2.0 407 Proxy Authentication required
Proxy-Authenticate: Digest realm="sip.twilio.com",qop="auth",nonce="****",opaque="****"

However, the client was sending a Proxy-Authorization header where the qop value was set to undefined:

REGISTER sip:****.sip.twilio.com" SIP/2.0
Proxy-Authorization: Digest username="tester", realm="sip.twilio.com", nonce="****", uri="sip:****.sip.twilio.com", response="****", qop="undefined", cnonce="****", nc="00000001", algorithm="MD5"

As a result, Twilio returned an authentication failure:

SIP/2.0 403 Forbidden
X-Twilio-Error: 32202 Authentication failure - bad user credentials.

Upon investigation, I found that in node.js-sip’s Parser.js, the qop field was missing from the parsing definition for the Proxy-Authenticate header.

After updating the parsing logic to match that of WWW-Authenticate (by including the qop parameter), the client started sending the correct Proxy-Authenticate header:

Proxy-Authorization: Digest username="tester", realm="sip.twilio.com", nonce="****", uri="sip:****.sip.twilio.com", response="****", qop="auth", cnonce="****", nc="00000001", algorithm="MD5"

With this fix, registration succeeded as expected:

SIP/2.0 200 OK
CSeq: 2 REGISTER