gcrkrause
/
requests-http-signature
mirror of https://github.com/pyauth/requests-http-signature
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Expand verify example

pull/34/head
Andrey Kislyuk 2022-04-15 00:01:39 -07:00
parent d8b7916639
commit 7fd0077c58
No known key found for this signature in database
GPG Key ID: 8AFAFCD242818A52
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.rst
View File

@ -48,9 +48,10 @@ The class method ``HTTPSignatureAuth.verify()`` can be used to verify responses
return 'monorail_cat'
response = requests.get(url, auth=auth)
HTTPSignatureAuth.verify(response,
signature_algorithm=algorithms.HMAC_SHA256,
key_resolver=MyKeyResolver())
verify_result = HTTPSignatureAuth.verify(response,
signature_algorithm=algorithms.HMAC_SHA256,
key_resolver=MyKeyResolver())
# To avoid substitution attacks, only trust response data referenced by verify_result
More generally, you can reconstruct an arbitrary request using the
`Requests API <https://docs.python-requests.org/en/latest/api/#requests.Request>`_ and pass it to ``verify()``: