Crypto Keypair Authorization for Django Rest Framework
Project description
Crypto Keypair Authorization for Django Rest Framework
For full documentation visit drf-keypair-permissions.readthedocs.io.
This Django module was created to give "Cavage" HTTP Signatures capabilities to the Django Rest Framework.
This enables HTTP authorization based on public key/private key encryption as an alternative to session cookies or API tokens.
In your Django code, it looks like this:
from keypair_permissions.permissions import HasHttpCryptoAuthorization
class EchoServerApiView(GenericApiView):
permission_classes = [HasHttpCryptoAuthorization]
def get(self, request):
return Response(request.body)
Doing so will require an Authorization HTTP header that looks like this:
HTTP/1.1 POST /foo
Authorization: Signature algorithm="hs2019",keyId="keyname",signature="MEUCIGGB0P3P/iZCzCbX1fj1Q6AbYPJr9dEBYcsuiLoS3q6uAiEAkEjvmWfuN1UDPmYCkBywnI/MwisCuNEmlAxPB3ZBVgc="
... other headers ...
This authorization header is created by signing Request headers with a private key on the client. The server then verifies the Request was sent by a known client by verifying the signature using the client's public key.
Additionally, a Digest header can be added to ensure the Request body was transported in tact:
Digest: SHA512=WZDPaVn/7XgHaAy8pmojAkGWoRx2UFChF41A2svX+TaPm+AbwAgBWnrIiYllu7BNNyealdVLvRwEmTHWXvJwew==
Each public key can be associated with a Django User, so the User can be accessed from the View:
class EchoServerApiView(GenericApiView):
permission_classes = [HasHttpCryptoAuthorization]
def get(self, request):
user = request.public_key.user
return Response(request.body)
For more information see Draft Cavage HTTP Signatures 12
Quickstart
Install:
$ pip install drf-keypair-permissions
Add keypair_permissions to your settings.INSTALLED_APPS:
settings.py:
INSTALLED_APPS = [
...
'keypair_permissions',
]
Migrate the database
$ ./manage.py makemigrations
$ ./manage.py migrate
Include to your project
views.py:
from keypair_permissions.permissions import HasHttpCryptoAuthorization
Set the permission_classes of API views to include HasHttpCryptoAuthorization:
class EchoServerApiView(GenericApiView):
permission_classes = [HasHttpCryptoAuthorization]
def get(self, request):
return Response(request.body)
Or use across your entire API by setting REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES']:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'keypair_permissions.permissions.HasHttpCryptoAuthorization',
]
}
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file drf-keypair-permissions-1.0.0.tar.gz.
File metadata
- Download URL: drf-keypair-permissions-1.0.0.tar.gz
- Upload date:
- Size: 9.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b3dbfdeb9fd6925aa11983347a235374fbebcf9b10a2cb328c71f13ce1142e50
|
|
| MD5 |
2136dc7f8e269ae08a1d3078835fef05
|
|
| BLAKE2b-256 |
3cf6390629737b35585ffad377b49c38aa5797c866d0ec93536f573ef78b61cc
|
File details
Details for the file drf_keypair_permissions-1.0.0-py3-none-any.whl.
File metadata
- Download URL: drf_keypair_permissions-1.0.0-py3-none-any.whl
- Upload date:
- Size: 24.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7eafce6d29df9f3e362414786304b16290dee959695b4cb9531508a87e72446c
|
|
| MD5 |
d1aaf5832cab53cd73179b24b065b32e
|
|
| BLAKE2b-256 |
922fe352861d7fa5b78df8ae93c2793814d58e768944d11f6fe451748058903a
|
