This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

This is a low-level library for implementing MAC Access Authentication, a simple HTTP request-signing scheme described in:

http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01

To access resources using MAC Access Authentication, the client must have obtained a set of MAC credentials including an id and a secret key. They use these credentials to make signed requests to the server.

When accessing a protected resource, the server will generate a 401 challenge response with the scheme “MAC” as follows:

> GET /protected_resource HTTP/1.1
> Host: example.com

< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: MAC

The client will use their MAC credentials to build a request signature and include it in the Authorization header like so:

> GET /protected_resource HTTP/1.1
> Host: example.com
> Authorization: MAC id="h480djs93hd8",
>                    ts="1336363200",
>                    nonce="dj83hs9s",
>                    mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM="

< HTTP/1.1 200 OK
< Content-Type: text/plain
<
< For your eyes only:  secret data!

This library provices the low-level functions necessary to implement such an authentication scheme. For MAC Auth clients, it provides the following function:

  • sign_request(req, id, key, hashmod=sha1): sign a request using MAC Access Auth.

For MAC Auth servers, it provides the following functions:

  • get_id(req): get the claimed MAC Auth id from the request.
  • check_signature(req, key, hashmod=sha1): check that the request was signed with the given key.

The request objects passed to these functions can be any of a variety of common object types:

  • a WSGI environment dict
  • a webob.Request object
  • a requests.Request object
  • a string or file-like object of request data

A typical use for a client program might be to install the sign_request function as an authentication hook when using the requests library, like this:

import requests
import functools
import macauthlib

# Hook up sign_request() to be called on every request.
def auth_hook(req):
    macauthlib.sign_request(req, id="<AUTH-ID>", key="<AUTH-KEY>")
    return req
session = requests.session(hooks={"pre_request": auth_hook})

# Then use the session as normal, and the auth is applied transparently.
session.get("http://www.secret-data.com/get-my-data")

A typical use for a server program might be to verify requests using a WSGI middleware component, like this:

class MACAuthMiddleware(object):

    # ...setup code goes here...

    def __call__(self, environ, start_response):

        # Find the identity claimed by the request.
        id = macauthlib.get_id(environ)

        # Look up their secret key.
        key = self.SECRET_KEYS[id]

        # If the signature is invalid, error out.
        if not macauthlib.check_signature(environ, key):
            start_response("401 Unauthorized",
                           [("WWW-Authenticate", "MAC")])
            return [""]

        # Otherwise continue to the main application.
        return self.application(environ, start_response)

0.6.0 - 2013-06-25

  • Support for requests version 1.0.0 and greater; thanks bobbyrward. Unfortunately this is not backwards-compatible with older versions of requests.

0.5.0 - 2012-11-26

  • Support for Python 3, via source-level compatibility.

0.4.0 - 2012-09-31

  • Allow the main API functions to accept a WebOb Request object, a requests Request object, or a WSGI environ dict as first argument. This should make it easier to implement client programs.
  • macauthlib.sign_request() now returns the Authorization header value, which is useful if you pass it something immutable as the request to be signed.
  • Hide functions from macauthlib.utils that were previously available directly from macauthlib. This will ensure users import them from the canonical location.

0.3.0 - 2012-07-11

  • Simplify API of the NonceCache class; it now provides a single method check_nonce() rather than separate is_fresh() and add_nonce() methods.

0.2.0 - 2012-06-01

  • Fix a race condition bug in NonceCache.

0.1.0 - 2012-02-27

  • Initial release.
Release History

Release History

0.6.0

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.5.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.4.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.3.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.2.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
macauthlib-0.6.0.tar.gz (14.1 kB) Copy SHA256 Checksum SHA256 Source Jun 25, 2013

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting