repoze.who.plugins.hawkauth
Project description
This is a repoze.who plugin for Hawk Access Authentication:
To access resources using Hawk Access Authentication, the client must have obtained a set of Hawk credentials including an id and secret key. They use these credentials to make signed requests to the server.
When accessing a protected resource, the server will generate a 401 challenge response with the scheme “Hawk” as follows:
> GET /protected_resource HTTP/1.1 > Host: example.com < HTTP/1.1 401 Unauthorized < WWW-Authenticate: Hawk
The client will use their Hawk credentials to build a request signature and include it in the Authorization header like so:
> GET /protected_resource HTTP/1.1 > Host: example.com > Authorization: Hawk id="h480djs93hd8", > ts="1336363200", > nonce="dj83hs9s", > mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" < HTTP/1.1 200 OK < Content-Type: text/plain < < For your eyes only: secret data!
This plugin uses the tokenlib library for verifying Hawk credentials:
If this library does not meet your needs, you can provide a custom callback function to decode the Hawk id token.
0.2.0 - 2013-08-19
Allow setting a custom master secret, which is passed through to tokenlib.
0.1.0 - 2013-08-19
Initial release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for repoze.who.plugins.hawkauth-0.2.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2e22aeaed7550c8f7cbbb8a72650a91fd7cbb25d23d8eeb00d1c62e2dc5fc0eb |
|
MD5 | 2d178a8c27a6c1c1a227511c3c422c75 |
|
BLAKE2b-256 | a344ad9933e5c3a270d5697f5e5a80bf7b422eeb1fa72a8444f69ed05c67f387 |