Add note about reconstructing incoming requests
parent
40c4a1522c
commit
a01c9a6128
|
@ -42,6 +42,8 @@ incoming requests:
|
|||
assert key_id == 'squirrel'
|
||||
return 'monorail_cat'
|
||||
|
||||
request = requests.Request(...) # Reconstruct the incoming request using the Requests API
|
||||
request = request.prepare()
|
||||
HTTPSignatureAuth.verify(request, signature_algorithm=algorithms.HMAC_SHA256, key_resolver=key_resolver)
|
||||
|
||||
.. admonition:: See what is signed
|
||||
|
|
|
@ -166,7 +166,14 @@ class HTTPSignatureAuth(requests.auth.AuthBase):
|
|||
You can ensure that the information signed is what you expect to be signed by only trusting the *VerifyResult*
|
||||
tuple returned by ``verify()``.
|
||||
|
||||
:param request: The HTTP request to verify.
|
||||
:param request:
|
||||
The HTTP request to verify. You can reconstruct an incoming request using the
|
||||
`Requests API <https://docs.python-requests.org/en/latest/api/#requests.Request>`_ as follows::
|
||||
|
||||
request = requests.Request(...)
|
||||
request = request.prepare()
|
||||
HTTPSignatureAuth.verify(request, ...)
|
||||
|
||||
:param require_components:
|
||||
A list of lowercased header names or derived component IDs ("@method", "@target-uri", "@authority",
|
||||
"@scheme", "@request-target", "@path", "@query", "@query-params", "@status", or "@request-response" as
|
||||
|
|
Loading…
Reference in New Issue