Skip to content
Python library for HAWK HTTP authentication
Branch: master
Clone or download
Pull request Compare This branch is 9 commits behind mozilla:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Python Libraries for HAWK

Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification.

PyHawk is great for consuming or providing webservices from Python.


PyHawk's goal is to track as closely to the original NodeJS' hawk code, because hawk is a primarily an authentication scheme documented by the implementaiton (as opposed to a standard).

If you find this module un-pythonic, also consider:

Usage (Client Side)

If you had code that consumed a HAWK authenticated webservice, you could do something like the following

import hawk
import requests

# Hawk is secured with a shared secret
credentials = db.lookup_secrets(some_id)

# Prepare your request headers
header = hawk.client.header(url, 'GET', {
    'credentials': credentials,
    'ext': 'Yo Yo'})

# Which goes into Authorization field of HTTP headers
headers = [('Authorization', header['field'])]
res = requests.get(url, data=params, headers=headers)

response = { 'headers': res.headers }

# We can verify we're talking to our trusted server
verified = hawk.client.authenticate(response, credentials,
                                    {'payload': res.text})
if verified:
    print res.text
    print "Something fishy going on."

See for details.

Usage (Server side)

If you provide a webservice and want to do authentication via HAWK, do something like the following:

import hawk

# A callback function for looking up credentials
def lookup_hawk_credentials(id):
    # Some collection of secrets
    return db.lookup(id)

# req is a Request object from your webserver framework
if 'Hawk ' in req.headers['Authorization']:
    return check_auth_via_hawk(req)
    return failure(req, res)

def check_auth_via_hawk(req):
    server = hawk.Server(req, lookup_hawk_credentials)

    # This will raise a hawk.util.HawkException if it fails
    artifacts = server.authenticate()

    # Sign our response, so clients can trust us
    auth = server.header(artifacts,
                             { 'payload': payload,
                               'contentType': 'text/plain' })

    headers = [('Content-Type', 'text/plain'),
                   ('Server-Authorization', auth)]

    start_response(status, headers)

    return payload

See for details.


PyHawk uses python logging to emit information about why authorization is failing and so on. You can configure these logger channels with INFO, DEBUG, etc, to get some helpful output.

All hawk logging, including everything below.
All hawk client related messages, including header construction.
All hawk server related messages, including authorization.
All hawk crypto related messages, including bewit handling.
All shared hawk code such as header normalization.


This is under development, ready for adventurous users. There doesn't appear to be a Python library for HAWK. Let me know if there is already a robust library.


Optionally use env as a virtualenv

virtualenv env
source env/bin/activate

Locally install source:

python develop

Unit tests are in hawk/tests.

python hawk/tests/test_*.py

Additionally, one can test compatibility:

The compatibility/nodejs directory has a server.js and a client.js (Node code) which are from HAWK's usage.js.

To test the server, do the following:

  1. python
  2. cd compatibility/nodejs/
  3. node client.js

Output should be

Authenticated Request is 200 (OK)
Response validates (OK)
Unauthenticated request should 401 - (OK)

Note: the port numbers in and client.js must match.

To test the client, do the following:

  1. cd compatibility/nodejs/
  2. node server.js
  3. cd ../..
  4. python

Output should be

Response validates (OK)

Publishing Versions

Edit and bump the version number.

python sdist upload

You should see your updates at

You can’t perform that action at this time.