requests-http-signature

authentication hmac http http-signature python

Go to file

Andrey Kislyuk 2240873aff v0.0.2		2017-08-22 14:50:09 -07:00
requests_http_signature	Require key ID	2017-08-22 14:49:25 -07:00
test	Require key ID	2017-08-22 14:49:25 -07:00
.gitignore	Begin requests-http-signature	2017-08-22 12:05:04 -07:00
.travis.yml	Drop Python 3.3	2017-08-22 12:40:36 -07:00
Changes.rst	v0.0.2	2017-08-22 14:50:09 -07:00
LICENSE	Begin requests-http-signature	2017-08-22 12:05:04 -07:00
Makefile	Fix coverage reporting	2017-08-22 12:44:21 -07:00
README.rst	Require key ID	2017-08-22 14:49:25 -07:00
common.mk	Begin requests-http-signature	2017-08-22 12:05:04 -07:00
setup.cfg	Begin requests-http-signature	2017-08-22 12:05:04 -07:00
setup.py	v0.0.2	2017-08-22 14:50:09 -07:00

README.rst

requests-http-signature: A Requests auth module for HTTP Signature
==================================================================

**requests-http-signature** is a `Requests <https://github.com/requests/requests>`_ `authentication plugin
<http://docs.python-requests.org/en/master/user/authentication/>`_ (``requests.auth.AuthBase`` subclass) implementing
the `IETF HTTP Signatures draft RFC <https://tools.ietf.org/html/draft-cavage-http-signatures>`_. It has no required
dependencies outside the standard library. If you wish to use algorithms other than HMAC (namely, RSA and ECDSA algorithms
specified in the RFC), there is an optional dependency on `cryptography <https://pypi.python.org/pypi/cryptography>`_.

.. code-block:: python

  import requests
  from requests_http_signature import HTTPSignatureAuth
  preshared_secret = 'monorail_cat'
  url = 'http://example.com/path'
  requests.get(url, auth=HTTPSignatureAuth(key=preshared_secret, key_id='squirrel'))

In addition to signing messages in the client, the class method ``HTTPSignatureAuth.verify()`` can be used to verify
incoming requests:

.. code-block:: python

  def key_resolver(key_id, algorithm):
      return 'monorail_cat'

  HTTPSignatureAuth.verify(request, key_resolver=key_resolver)

Installation
------------
::

    pip install requests-http-signature

Asymmetric key algorithms (RSA and ECDSA)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For asymmetric key algorithms, you should supply the private key as the ``key`` parameter to the ``HTTPSignatureAuth()`` 
constructor as bytes in the PEM format. When verifying, the ``key_resolver()`` callback should provide the public key as
bytes in the PEM format as well.

Links
-----
* `IETF HTTP Signatures draft <https://tools.ietf.org/html/draft-cavage-http-signatures>`_
* `Project home page (GitHub) <https://github.com/kislyuk/requests-http-signature>`_
* `Documentation (Read the Docs) <https://requests-http-signature.readthedocs.io/en/latest/>`_
* `Package distribution (PyPI) <https://pypi.python.org/pypi/requests-http-signature>`_
* `Change log <https://github.com/kislyuk/requests-http-signature/blob/master/Changes.rst>`_

Bugs
~~~~
Please report bugs, issues, feature requests, etc. on `GitHub <https://github.com/kislyuk/requests-http-signature/issues>`_.

License
-------
Licensed under the terms of the `Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0>`_.

.. image:: https://travis-ci.org/kislyuk/requests-http-signature.png
        :target: https://travis-ci.org/kislyuk/requests-http-signature
.. image:: https://codecov.io/github/kislyuk/requests-http-signature/coverage.svg?branch=master
        :target: https://codecov.io/github/kislyuk/requests-http-signature?branch=master
.. image:: https://img.shields.io/pypi/v/requests-http-signature.svg
        :target: https://pypi.python.org/pypi/requests-http-signature
.. image:: https://img.shields.io/pypi/l/requests-http-signature.svg
        :target: https://pypi.python.org/pypi/requests-http-signature
.. image:: https://readthedocs.org/projects/requests-http-signature/badge/?version=latest
        :target: https://requests-http-signature.readthedocs.org/