Python implementation of the AWS4 compatible Escher HTTP request signing protocol.

EscherPython - HTTP request signing lib

Escher helps you create secure HTTP requests (for APIs) by signing HTTP(S) requests. It is both a server-side and a client-side implementation. The status is work in progress.

The algorithm is based on Amazon's AWS Signature Version 4, but we have generalized and extended it.

More details are available at escherauth.io.

Signing a request

Escher works by calculating a cryptographic signature of your request, and adding it (and other authentication information) to said request.

Usually you will want to add the authentication information to the request by appending extra headers to it.

from pprint import pprint

from escherauth import Escher

# The request to sign, described as a plain dict.
request = {
    'method': 'POST',
    'url': '/',
    'host': 'example.com',
    'headers': [
        ['X-Foo', 'bar'],
    ],
    'body': '{"this_is": "a_request_body"}',
}

# Arguments: access key ID, secret, credential scope.
escher = Escher('YOUR_ACCESS_KEY_ID', 'YOUR SECRET', 'example/credential/scope')
signed_request = escher.sign_request(request)

pprint(signed_request)

Signing a Requests request:

from pprint import pprint

import requests
from escherauth import EscherRequestsAuth

# The auth object is passed to Requests through its auth= parameter.
auth = EscherRequestsAuth('YOUR_ACCESS_KEY_ID', 'YOUR SECRET', 'example/credential/scope')
response = requests.post('https://httpbin.org/post', json={'this_is': 'a_request_body'}, auth=auth)

pprint(response.json())

Presigning a URL

In some cases you may want to send authenticated requests from a context where you cannot modify the request headers, e.g. when embedding an API-generated iframe.

You can, however, generate a presigned URL, where the authentication information is added to the query string.

from escherauth import Escher

escher = Escher('YOUR_ACCESS_KEY_ID', 'YOUR SECRET', 'example/credential/scope')
presigned_url = escher.presign_url('http://example.com/', expires=300)

print(presigned_url)

Validating a request

You can validate a request signed by the methods described above. For that you will need a database of the access keys and secrets of your clients.

from escherauth import Escher, EscherException

# The validator is created with an empty key and secret; client secrets are looked up in key_db.
escher = Escher('', '', 'example/credential/scope')

signed_request = {
    'body': '{"this_is": "a_request_body"}',
    'headers': [
        ['Host', 'example.com'],
        ['X-Escher-Date', '20240227T121443Z'],
        ['X-Escher-Auth', 'ESR-HMAC-SHA256 Credential=YOUR_ACCESS_KEY_ID/20240227/example/credential/scope, SignedHeaders=host;x-escher-date, Signature=5febb099193b8e6c4027ff810e0faa5bc8a275efb46f2d5c1af8810f4332c4cb'],
    ],
    'method': 'POST',
    'url': '/',
}
# Maps each client's access key ID to its secret.
key_db = {
    'ACCESS_KEY_OF_CLIENT_1': 'SECRET OF CLIENT 1',
    'ACCESS_KEY_OF_CLIENT_42': 'SECRET OF CLIENT 42',
}

try:
    escher.authenticate(signed_request, key_db)
    print('OK')
except EscherException as e:
    print(f'The validation failed: {e}')
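
The layout of the X-Escher-Auth value in the request above can be parsed and sanity-checked before any HMAC is computed. The following is an added example, not part of escherauth or this README; the function name `precheck`, the choice of checks and the 15-minute clock-skew window are assumptions made for illustration, and the sample headers are copied from the request above.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout of the X-Escher-Auth value in the validation example above.
AUTH_RE = re.compile(
    r'^(?P<algo>[A-Z0-9]+-HMAC-[A-Z0-9]+) '
    r'Credential=(?P<key_id>[^/,\s]+)/(?P<day>\d{8})/(?P<scope>[^,\s]+), '
    r'SignedHeaders=(?P<signed>[a-z0-9;-]+), '
    r'Signature=(?P<sig>[0-9a-f]+)$')

def precheck(headers, key_db, scope, now, max_skew=timedelta(minutes=15)):
    """Return the problems found before any HMAC is computed (empty list = none)."""
    h = {name.lower(): value for name, value in headers}
    m = AUTH_RE.match(h.get('x-escher-auth', ''))
    if m is None:
        return ['malformed or missing X-Escher-Auth']
    problems = []
    if m['algo'] != 'ESR-HMAC-SHA256':
        problems.append('unexpected algorithm')
    if m['key_id'] not in key_db:
        problems.append('unknown access key id')
    if m['scope'] != scope:
        problems.append('credential scope mismatch')
    for required in ('host', 'x-escher-date'):
        if required not in m['signed'].split(';'):
            problems.append(f'{required} is not a signed header')
    try:
        ts = datetime.strptime(h.get('x-escher-date', ''), '%Y%m%dT%H%M%SZ')
    except ValueError:
        return problems + ['malformed or missing X-Escher-Date']
    ts = ts.replace(tzinfo=timezone.utc)
    if ts.strftime('%Y%m%d') != m['day']:
        problems.append('credential date differs from X-Escher-Date')
    if abs(now - ts) > max_skew:  # assumed window, not the library's setting
        problems.append('timestamp outside allowed clock skew')
    return problems

# Sample input: headers copied from the signed_request above, shortened key_db.
HEADERS = [
    ['Host', 'example.com'],
    ['X-Escher-Date', '20240227T121443Z'],
    ['X-Escher-Auth', 'ESR-HMAC-SHA256 Credential=YOUR_ACCESS_KEY_ID/20240227/'
     'example/credential/scope, SignedHeaders=host;x-escher-date, Signature='
     '5febb099193b8e6c4027ff810e0faa5bc8a275efb46f2d5c1af8810f4332c4cb'],
]
KEY_DB = {'ACCESS_KEY_OF_CLIENT_1': 'SECRET OF CLIENT 1'}

if __name__ == '__main__':
    now = datetime(2024, 2, 27, 12, 15, tzinfo=timezone.utc)
    print(precheck(HEADERS, KEY_DB, 'example/credential/scope', now))
```

These checks only reject obviously bad requests early; the signature itself still has to be verified, which is what `escher.authenticate` is for.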

Download files

Source Distribution

escherauth-2.0.1.tar.gz (11.2 kB)

Uploaded Source

Built Distribution

escherauth-2.0.1-py3-none-any.whl (7.9 kB)

Uploaded Python 3

File details

Details for the file escherauth-2.0.1.tar.gz.

File metadata

  • Download URL: escherauth-2.0.1.tar.gz
  • Upload date:
  • Size: 11.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.23

File hashes

Hashes for escherauth-2.0.1.tar.gz
Algorithm Hash digest
SHA256 8606159335e6266b2df53e4c3e5d18ec0343d3de5679bba6f9266758300a0c80
MD5 db22c62eca4aacf3c79300910ee0b502
BLAKE2b-256 42bf91e5c2cd6df312bd47a4d92783728a1fffe87a37fb021f38772d51867e7d

File details

Details for the file escherauth-2.0.1-py3-none-any.whl.

File metadata

  • Download URL: escherauth-2.0.1-py3-none-any.whl
  • Upload date:
  • Size: 7.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.23

File hashes

Hashes for escherauth-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 cf86f147c3e178d83a4122e8706c67a3d4313a2fedacf7125a45d3b976a9878d
MD5 afd122c1b0b4ab2a857ac17f1cc52e8a
BLAKE2b-256 45445b0038f4e75bc22e61a716bc3ebd491239dafcba52e61dade69df322dd8e
