wai-middleware-hmac-client

Release 0.1.0.2

WAI HMAC Authentication Middleware and Client

Homepage Hackage Haskell Download

Keywords
library, web, Propose Tags, wai-middleware-hmac, , Index, Network.Wai.Middleware.HmacAuth.Client, wai-middleware-hmac-client-0.1.0.2.tar.gz, browse, Package description, Package maintainers, ChristopherReichert, edit package information
License
BSD-3-Clause
Install
cabal install wai-middleware-hmac-client-0.1.0.2

Documentation

WAI HMAC Authentication Middleware and Client

https://travis-ci.org/creichert/wai-middleware-hmac.svg?branch=master https://img.shields.io/badge/license-BSD3-green.svg?dummy https://img.shields.io/hackage/v/wai-middleware-hmac.svg?dummy

HMAC Authentication Middleware for WAI with supporting client module. Supports SHA512, SHA256, SHA1, and MD5 request signatures.

This HMAC Authentication implementation is based on the Amazon AWS Authentication scheme. See the Specification section for more details

These packages are still experimental

Client

https://img.shields.io/hackage/v/wai-middleware-hmac-client.svg?dummy

A client module resides in client/. The client is built on http-client and has one primary function, applyHmacAuth, which is similar to http-client’s applyBasicAuth. There are redundancies between the middleware and client in order to keep a minimum dependency profile on both components.

Example

# Run Example Server
$ cabal run example

# Fail auth
$ curl localhost:3000

# Use client module for successful auth
cd client/ && cabal run example

Issues

Feel free to submit issues on the issues:Issue Tracker

Specification

There is no official specification for utilizing HMAC Authentication over HTTP. This implementation loosely follows the implementation used by Amazon AWS.

Most implementations support HEADER values or QUERY parameters. This implementation currently only supports HEADER values, although, QUERY parameter support is in the works.

Query parameters support encoding URL’s which can then be shared as opposed to needing a specific client that can encode the request headers.

Resources

Negotiation:

  1. Client constructs a request to the server.
  2. Client calculates a keyed-hash message authentication code (HMAC-SHA) signature using your Secret Access Key (for information about HMAC, go to http://www.faqs.org/rfcs/rfc2104.html).
  3. Client includes the signature and their access key in the request, and then sends the request to the server.
  4. Server uses the access key to look up the secret key.
  5. Server generates a signature from the request data and the secret key using the same algorithm the client used to calculate the signature.
  6. If the signature generated by the Server matches the one Client sent in the request, the request is considered authentic. If the comparison fails, the request is discarded, and AWS returns an error response.

Wishlist

  • [ ] Streaming (http-conduit) support in client
  • [ ] Read server and client settings from config file or env
  • [ ] Query parameter configuration
  • [ ] Signing algorithm negotiation
  • [ ] Authentication timeout setting
  • [ ] Signed headers settings (HTTP headers to include in HMAC signature)
  • [ ] Configure acceptable date skew
  • [ ] Canonicalize query string with resource

Stats

Dependent repositories
1
Total releases
3
Latest release
First release
Stars
6
Forks
1
Watchers
1
Contributors
2
Repository size
27.3 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.0.0
0.1.0.1
0.1.0.2

Contributors

Christopher Reichert Brady Ouren


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-12-02 18:08:15 UTC

Login to resync this project