Usecase agnostic implementation of AWS4 signing schema.
Project description
Usecase agnostic implementation of AWS4 Sig v4
This implementation aims to be usecase agnostic. As such it accepts the
component pieces of a request rather than a full opinionated request object
like httpx.Request.
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
Usage
Validation
from aws4 import generate_challenge, validate_challenge
payload = "<extract content from request>"
challenge = generate_challenge(
method=request.method,
url=request.url,
headers=request.headers,
content=payload.decode("utf-8"),
)
secret_access_key = <load secret key using the challenge.access_key_id>
validate_challenge(challenge, secret_key.secret_access_key)
Signing
An example of an httpx AWS4 request signing. In this example the Authorization header is injected into request.headers
from datetime import datetime, timezone
import aws4
service = "s3"
region = "us-east-1"
access_key_id = "my-access-key-id"
secret_access_key = "my-secret-access-key"
def http_aws4_auth(request: httpx.Request):
dt = datetime.now(tz=timezone.utc)
request.headers["x-amz-date"] = aws4.to_amz_date(dt)
request.headers["host"] = request.url.netloc.decode("utf-8")
body = request.content.decode("utf-8")
if body:
request.headers["Content-Length"] = str(len(body))
aws4.sign_request(
service,
request.method,
request.url,
region,
request.headers,
body,
access_key_id,
secret_access_key,
dt,
)
with httpx.Client() as client:
r = client.request(
url="http://localhost",
auth=auth,
)
Builtin httpx client
Currently there is only a builtin client for httpx, if you think there is a client implementation that would be useful to include, please raise an issue on github.
from datetime import datetime, timezone
import aws4
from aws4.key_pair import KeyPair
from aws4.client import HttpxAWS4Auth
auth = HttpxAWS4Auth(
KeyPair(
access_key_id="my-access-key-id",
secret_access_key="my-secret-access-key",
)
"s3",
"us-east-1",
)
with httpx.Client() as client:
r = client.request(
url="http://localhost",
auth=auth,
)
Extra credit
Thanks to @ozzzzz and @ivanmisic for work on the initial httpx/fastapi implementations this was extracted from.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file auth_aws4-0.1.10.tar.gz.
File metadata
- Download URL: auth_aws4-0.1.10.tar.gz
- Upload date:
- Size: 55.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.22
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d8dc7325a0fc02675d440b93b95754dd20cfaff64e24573ccd0805b8f8b4f9ce
|
|
| MD5 |
80bf5dda05a27bfb948d84e93a181f0c
|
|
| BLAKE2b-256 |
184cfee2a8f8e1ac1675038f8e5b633830100416084d8cc48c6c013d09422904
|
File details
Details for the file auth_aws4-0.1.10-py3-none-any.whl.
File metadata
- Download URL: auth_aws4-0.1.10-py3-none-any.whl
- Upload date:
- Size: 8.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.22
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e56ea68d15ef7ceb773bbca9555f84ce3b760bf8a1f59af2b2e0b9434d93f35a
|
|
| MD5 |
6919498766efae3af995bc3c0a3ea432
|
|
| BLAKE2b-256 |
5e66b6167d13da5959ae84182a7d4aa4b2181aac0bfc7ace365d59ca977f0d84
|
