From 6a5f54b77aeaadc7f74e3d377cf0aba7d8f293d0 Mon Sep 17 00:00:00 2001
From: Georg Krause <mail@georg-krause.net>
Date: Fri, 23 Apr 2021 17:25:51 +0200
Subject: [PATCH] Do not add created field if algorithm is rsa, hmac or ecdsa

---
 requests_http_signature/__init__.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/requests_http_signature/__init__.py b/requests_http_signature/__init__.py
index 426a56e..fe37e29 100644
--- a/requests_http_signature/__init__.py
+++ b/requests_http_signature/__init__.py
@@ -123,8 +123,10 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
             ("algorithm", self.algorithm),
             ("headers", " ".join(self.headers)),
             ("signature", sig),
-            ("created", int(created_timestamp)),
         ]
+        if not (self.algorithm.startswith("rsa") or self.algorithm.startswith("hmac") or
+                self.algorithm.startswith("ecdsa")):
+            sig_struct.append(("created", int(created_timestamp)))
         if expires_timestamp is not None:
             sig_struct.append(("expires", int(expires_timestamp)))
         return ",".join('{}="{}"'.format(k, v) for k, v in sig_struct)