httpie-http-message-signatures
==============================
An authentication plugin for [HTTPie][1], implementing the [IETF HTTP Message Signatures][2] draft specification.
This is an incompatible replacement for and not to be confused with the ["Cavage" HTTP Signatures][3] draft.
Installation
------------
The preferred installation method is via the [`httpie cli plugins` utility][4]:
$ httpie cli plugins install httpie-http-message-signatures
You may also download this repository and install from a local source:
$ cd httpie-http-message-signatures
$ httpie cli plugins install .
Last but not least, you can install via `pip` as well:
$ pip install --upgrade httpie-http-message-signatures
Usage
-----
Use `message-signature` as the auth-type:
http -A message-signature ...
The HTTP Message Signature draft allows for a whole bunch of parameters to influence the signature. Because this can
get somewhat overwhelming quickly, this plugin allows the parameters to be passed in two different ways:
1. `-a`/`--auth` command line parameter
This allows passing arguments inline, in the following format:
key_id ":" key [":" covered_component_ids]
In other words, the key id, followed by a `:`, followed by the private key as base 64 encoded string, *optionally*
followed by another `:` and a list of comma-separated covered component ids. For example:
$ http -A message-signature -a foobar:cDf/J30Q7EtXmZZ91j4OLg== example.com
$ http -A message-signature -a foobar:cDf/J30Q7EtXmZZ91j4OLg==:@authority,@method example.com
2. `~/.httpmessagesignaturesrc` file
If no parameters are passed via `-a`/`--auth`, the plugin will look for a file called `.httpmessagesignaturesrc`
in the home directory. This file is a simple [INI-like file format][5], which contains sections for different hosts,
each with their own settings. A `[DEFAULT]` section can be used to set defaults for all hosts. For example:
[DEFAULT]
covered_component_ids = @method,@authority,@target-uri,content-digest
[example.com]
key_id = foobar
key = cDf/J30Q7EtXmZZ91j4OLg==
[*.example.com]
key_id = uydnfpw0xnegmpx2op3rhw2qm
key = nkAFfoSEN/rXWu6PrqsmntUeeSZ+aEoGD9YmxIxwjNxdlHPO4QYcSS+4aRroRHl92vEEipRCsr+j2tFVlPimfA==
covered_component_ids = @method,@authority,@path,@query-params,content-digest
Host names allow for wildcard patterns.
### Covered component ids
Different parts of the HTTP request can be included in the signature. By default, these components are included:
- `@method`
- `@authority`
- `@target-uri`
You can override this default list via the optional third command line argument or the `covered_component_ids` value
in the `~/.httpmessagesignaturesrc` file. The plugin recognizes two special component ids:
1. `content-digest`
When specifying `content-digest` as a covered component, and the request has a request body, the plugin will add a
`Content-Digest` header to the request and include it in the signature. This allows easy signing of request bodies.
2. `@query-params`
The default `@target-uri` component signs the entire URI, including query parameters. Depending on your use case,
you may need to sign the request path and query parameters separately. For this case the specification requires
for every signed query parameter to be listed separately as its own component. E.g. a request to
`http://example.com/foo/?bar=baz&quux=42` would have to look like this:
$ http -A message-signature \
-a 'foobar:cDf/J30Q7EtXmZZ91j4OLg==:"@query-params";name="bar","@query-params";name="quux"' \
example.com bar==baz quux==42
Since this is of course highly inconvenient, the special component id `@query-params` will automatically be expanded
to include all passed query parameters. So the above request can be shortened to:
$ http -A message-signature -a foobar:cDf/J30Q7EtXmZZ91j4OLg==:@query-params example.com bar==baz quux==42
See the specification for a [complete list of derived component names][6], but an incomplete list is presented here:
- `@method`
- `@target-uri`
- `@authority`
- `@scheme`
- `@request-target`
- `@path`
- `@query`
- `@query-param`
Implementation
--------------
This plugin is a wrapper around [http-message-signatures][7].
[1]: https://httpie.io
[2]: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/
[3]: https://datatracker.ietf.org/doc/draft-cavage-http-signatures/
[4]: https://httpie.io/docs/cli/httpie-cli-plugins-install
[5]: https://docs.python.org/3/library/configparser.html
[6]: https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-17.html#name-derived-components
[7]: https://pypi.org/project/http-message-signatures/
Raw data
{
"_id": null,
"home_page": "https://github.com/deceze/httpie-http-message-signatures",
"name": "httpie-http-message-signatures",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "httpie,http-signature,message-signatures",
"author": "David Zentgraf",
"author_email": "david@kunststube.net",
"download_url": "https://files.pythonhosted.org/packages/4b/ee/f57dee3787844771ee7229dca65e43deaf6863078cd65fbb0cc84ba726ae/httpie_http_message_signatures-0.0.2.tar.gz",
"platform": null,
"description": "httpie-http-message-signatures\n==============================\n\nAn authentication plugin for [HTTPie][1], implementing the [IETF HTTP Message Signatures][2] draft specification.\n\nThis is an incompatible replacement for and not to be confused with the [\"Cavage\" HTTP Signatures][3] draft.\n\nInstallation\n------------\n\nThe preferred installation method is via the [`httpie cli plugins` utility][4]:\n\n $ httpie cli plugins install httpie-http-message-signatures\n\nYou may also download this repository and install from a local source:\n\n $ cd httpie-http-message-signatures\n $ httpie cli plugins install .\n\nLast but not least, you can install via `pip` as well:\n\n $ pip install --upgrade httpie-http-message-signatures\n\nUsage\n-----\n\nUse `message-signature` as the auth-type:\n\n http -A message-signature ...\n\nThe HTTP Message Signature draft allows for a whole bunch of parameters to influence the signature. Because this can\nget somewhat overwhelming quickly, this plugin allows the parameters to be passed in two different ways:\n\n1. `-a`/`--auth` command line parameter\n\n This allows passing arguments inline, in the following format:\n\n key_id \":\" key [\":\" covered_component_ids]\n\n In other words, the key id, followed by a `:`, followed by the private key as base 64 encoded string, *optionally*\n followed by another `:` and a list of comma-separated covered component ids. For example:\n\n $ http -A message-signature -a foobar:cDf/J30Q7EtXmZZ91j4OLg== example.com\n $ http -A message-signature -a foobar:cDf/J30Q7EtXmZZ91j4OLg==:@authority,@method example.com\n\n2. `~/.httpmessagesignaturesrc` file\n\n If no parameters are passed via `-a`/`--auth`, the plugin will look for a file called `.httpmessagesignaturesrc`\n in the home directory. This file is a simple [INI-like file format][5], which contains sections for different hosts,\n each with their own settings. A `[DEFAULT]` section can be used to set defaults for all hosts. For example:\n\n [DEFAULT]\n covered_component_ids = @method,@authority,@target-uri,content-digest\n\n [example.com]\n key_id = foobar\n key = cDf/J30Q7EtXmZZ91j4OLg==\n\n [*.example.com]\n key_id = uydnfpw0xnegmpx2op3rhw2qm\n key = nkAFfoSEN/rXWu6PrqsmntUeeSZ+aEoGD9YmxIxwjNxdlHPO4QYcSS+4aRroRHl92vEEipRCsr+j2tFVlPimfA==\n covered_component_ids = @method,@authority,@path,@query-params,content-digest\n\n Host names allow for wildcard patterns.\n\n### Covered component ids\n\nDifferent parts of the HTTP request can be included in the signature. By default, these components are included:\n\n- `@method`\n- `@authority`\n- `@target-uri`\n\nYou can override this default list via the optional third command line argument or the `covered_component_ids` value\nin the `~/.httpmessagesignaturesrc` file. The plugin recognizes two special component ids:\n\n1. `content-digest`\n\n When specifying `content-digest` as a covered component, and the request has a request body, the plugin will add a\n `Content-Digest` header to the request and include it in the signature. This allows easy signing of request bodies.\n\n2. `@query-params`\n\n The default `@target-uri` component signs the entire URI, including query parameters. Depending on your use case, \n you may need to sign the request path and query parameters separately. For this case the specification requires \n for every signed query parameter to be listed separately as its own component. E.g. a request to\n `http://example.com/foo/?bar=baz&quux=42` would have to look like this:\n\n $ http -A message-signature \\\n -a 'foobar:cDf/J30Q7EtXmZZ91j4OLg==:\"@query-params\";name=\"bar\",\"@query-params\";name=\"quux\"' \\\n example.com bar==baz quux==42\n\n Since this is of course highly inconvenient, the special component id `@query-params` will automatically be expanded\n to include all passed query parameters. So the above request can be shortened to:\n\n $ http -A message-signature -a foobar:cDf/J30Q7EtXmZZ91j4OLg==:@query-params example.com bar==baz quux==42\n\nSee the specification for a [complete list of derived component names][6], but an incomplete list is presented here:\n\n- `@method`\n- `@target-uri`\n- `@authority`\n- `@scheme`\n- `@request-target`\n- `@path`\n- `@query`\n- `@query-param`\n\nImplementation\n--------------\n\nThis plugin is a wrapper around [http-message-signatures][7].\n\n\n [1]: https://httpie.io\n [2]: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/\n [3]: https://datatracker.ietf.org/doc/draft-cavage-http-signatures/\n [4]: https://httpie.io/docs/cli/httpie-cli-plugins-install\n [5]: https://docs.python.org/3/library/configparser.html\n [6]: https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-17.html#name-derived-components\n [7]: https://pypi.org/project/http-message-signatures/",
"bugtrack_url": null,
"license": "",
"summary": "HTTP Message Signatures plugin for HTTPie",
"version": "0.0.2",
"project_urls": {
"Documentation": "https://github.com/deceze/httpie-http-message-signatures",
"Homepage": "https://github.com/deceze/httpie-http-message-signatures",
"Repository": "https://github.com/deceze/httpie-http-message-signatures"
},
"split_keywords": [
"httpie",
"http-signature",
"message-signatures"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0768a8e274241be88af56f2d3ff249948b36944c1419f9a6b1e57fa94453df11",
"md5": "02a0a87e237be54024f7028cd2259d1e",
"sha256": "c47a89a9bd6558d418df9fd160a90b0e40300feb53ae0ca5b696f3bb2ec48cd1"
},
"downloads": -1,
"filename": "httpie_http_message_signatures-0.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "02a0a87e237be54024f7028cd2259d1e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 6162,
"upload_time": "2023-06-21T12:11:37",
"upload_time_iso_8601": "2023-06-21T12:11:37.631733Z",
"url": "https://files.pythonhosted.org/packages/07/68/a8e274241be88af56f2d3ff249948b36944c1419f9a6b1e57fa94453df11/httpie_http_message_signatures-0.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "4beef57dee3787844771ee7229dca65e43deaf6863078cd65fbb0cc84ba726ae",
"md5": "f4ad2d475ca7ae9c4e79b350f8587a61",
"sha256": "8ee82ba4296ac5edfee6cf7db549d5cf03cd71813d09988a72a2d6cede629a74"
},
"downloads": -1,
"filename": "httpie_http_message_signatures-0.0.2.tar.gz",
"has_sig": false,
"md5_digest": "f4ad2d475ca7ae9c4e79b350f8587a61",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 5266,
"upload_time": "2023-06-21T12:11:41",
"upload_time_iso_8601": "2023-06-21T12:11:41.000876Z",
"url": "https://files.pythonhosted.org/packages/4b/ee/f57dee3787844771ee7229dca65e43deaf6863078cd65fbb0cc84ba726ae/httpie_http_message_signatures-0.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-06-21 12:11:41",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "deceze",
"github_project": "httpie-http-message-signatures",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "httpie-http-message-signatures"
}
JSON
