Skip to content
Snippets Groups Projects
Select Git revision
  • develop default protected
  • renovate/python-3.x
  • renovate/sphinx-rtd-theme-3.x
  • renovate/myst-parser-4.x
  • 0.3.1 protected
  • 0.3.0 protected
  • 0.3.0-rc.5 protected
  • 0.3.0-rc.3 protected
  • 0.3.0-rc.4 protected
  • 0.3.0-rc.2 protected
  • 0.3.0-rc.1 protected
  • v0.2.0 protected
  • v0.1.0 protected
  • v0.0.3 protected
  • v0.0.2 protected
  • v0.0.1 protected
16 results

requests-http-message-signatures

  • Clone with SSH
  • Clone with HTTPS
    • user avatar
    chore(deps) Configure renovate to widen the range
    Georg Krause authored
    a8593b20
    History
    user avatar a8593b20
    History
    Name Last commit Last update
    docs
    requests_http_message_signatures
    test
    .gitignore
    .gitlab-ci.yml
    CHANGELOG.md
    LICENSE
    Makefile
    README.md
    common.mk
    pyproject.toml
    renovate.json
    README.md

    requests-http-message-signatures: A Requests auth module for HTTP Signature

    requests-http-message-signatures is a Requests authentication plugin (requests.auth.AuthBase subclass) implementing the IETF HTTP Signatures draft RFC. It has no required dependencies outside the standard library. If you wish to use algorithms other than HMAC (namely, RSA and ECDSA algorithms specified in the RFC), there is an optional dependency on cryptography.

    Installation

    $ pip install requests-http-message-signatures

    Usage

      import requests
  from requests_http_signature import HTTPSignatureAuth
  
  preshared_key_id = 'squirrel'
  preshared_secret = 'monorail_cat'
  url = 'http://example.com/path'
  
  requests.get(url, auth=HTTPSignatureAuth(key=preshared_secret, key_id=preshared_key_id))

    By default, only the Date header is signed (as per the RFC) for body-less requests such as GET. The Date header is set if it is absent. In addition, for requests with bodies (such as POST), the Digest header is set to the SHA256 of the request body and signed (an example of this appears in the RFC). To add other headers to the signature, pass an array of header names in the headers keyword argument.

    In addition to signing messages in the client, the class method HTTPSignatureAuth.verify() can be used to verify incoming requests:

      def key_resolver(key_id, algorithm):
      return 'monorail_cat'

  HTTPSignatureAuth.verify(request, key_resolver=key_resolver)

    Asymmetric key algorithms (RSA and ECDSA)

    For asymmetric key algorithms, you should supply the private key as the key parameter to the HTTPSignatureAuth() constructor as bytes in the PEM format:

      with open('key.pem', 'rb') as fh:
      requests.get(url, auth=HTTPSignatureAuth(algorithm="rsa-sha256", key=fh.read(), key_id=preshared_key_id))

    When verifying, the key_resolver() callback should provide the public key as bytes in the PEM format as well.

    Links

    Bugs

    Please report bugs, issues, feature requests, etc. on our issue tracker.

    License

    Licensed under the terms of the Apache License, Version 2.0.