This is a Pyramid authenitcation plugin for MAC Access Authentication:
To access resources using MAC Access Authentication, the client must have obtained a set of MAC credentials including an id and secret key. They use these credentials to make signed requests to the server.
When accessing a protected resource, the server will generate a 401 challenge response with the scheme “MAC” as follows:
> GET /protected_resource HTTP/1.1 > Host: example.com < HTTP/1.1 401 Unauthorized < WWW-Authenticate: MAC
The client will use their MAC credentials to build a request signature and include it in the Authorization header like so:
> GET /protected_resource HTTP/1.1 > Host: example.com > Authorization: MAC id="h480djs93hd8", > ts="1336363200", > nonce="dj83hs9s", > mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" < HTTP/1.1 200 OK < Content-Type: text/plain < < For your eyes only: secret data!
This plugin uses the tokenlib library for verifying MAC credentials:
If this library does not meet your needs, you can provide a custom callback function to decode the MAC id token.
0.3.0 - 2012-11-27
- Support for Python3 via source-level compatibility.
0.2.0 - 2012-10-04
- Add encode_mac_id() method as a dual of decode_mac_id().
- Add “macauth.master_secret” setting to specify the secret used when encoding/decoding MAC Auth tokens.
0.1.1 - 2012-07-11
- Update tests for compatability with macauthlib>=0.3.0.
0.1.0 - 2012-06-15
- Initial release; based on repoze.who.plugins.macauth codebase.