2 files changed, 5 insertions, 4 deletions

diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 6d46586367..1537b8b806 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -249,9 +249,8 @@ module ActionController
       end
 
       def secret_token(request)
-        secret = request.env["action_dispatch.secret_token"]
-        raise "You must set config.secret_token in your app's config" if secret.blank?
-        secret
+        key_generator = request.env["action_dispatch.key_generator"]
+        key_generator.generate_key('http authentication')
       end
 
       # Uses an MD5 digest based on time to generate a value to be used only once.
diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb
index b11ad633bd..dd95fad6e1 100644
--- a/actionpack/test/controller/http_digest_authentication_test.rb
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@@ -1,4 +1,6 @@
 require 'abstract_unit'
+# FIXME remove DummyKeyGenerator and this require in 4.1
+require 'active_support/key_generator'
 
 class HttpDigestAuthenticationTest < ActionController::TestCase
   class DummyDigestController < ActionController::Base
@@ -41,7 +43,7 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
   setup do
     # Used as secret in generating nonce to prevent tampering of timestamp
     @secret = "session_options_secret"
-    @request.env["action_dispatch.secret_token"] = @secret
+    @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new(@secret)
   end
 
   teardown do