Skip to main content

Shared-Secret Requests: A simple HTTP authentication library using shared secrets.

Project description

Shared-Secret Requests (SSR)

CircleCI

codecov

A simple HTTP authentication library using shared secrets.

Overview

The ssr library exposes a simple set of interfaces that facilitate server-server authentication using a shared secret. This shared secret or secret_key is used to generate a public key, using a client id and timestamp. The combination of the client id, timestamp and public key form a signature that a host server can use to verify the identity of the client server. ssr provides 3 intefaces to support that authentication workflow:

  1. ssr.Client - to help generate a public key from a shared secret key.
  2. ssr.Session - exends the requests library Session class to expose an ssr.Client and patch requests with the appropriate headers to correcly interface with ssr.BaseAuthentication
  3. ssr.BaseAuthentication - to help hosts validate requests from clients that have the same shared secret.

Scope

The scope of this project is limited to server-server authentication e.g. to support RESTful data transfer between micro-services. Logistics around managing secrets is not included in the scope of this project. For tools to manage secrets you can look into:

Installation

pip install ssr

Usage

SSR Client

TBD

Requests Session

import ssr

session = ssr.Session(
    secret_key=os.environ.get('APP_SECRET_KEY')
)

response = session.get(
    'https://myblog.com/api/post_reports/',
    params={'q': 'auth'}
)

Base Authentication

TBD

TODO

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
ssr-0.1.2.tar.gz (11.0 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page