HMAC authN mode #9

Open
guicassolato opened this issue Dec 22, 2020 · 3 comments
Labels
kind/enhancement New feature or request

Comments

@guicassolato
Collaborator

There's already a placeholder for it at https://github.com/3scale-labs/authorino/blob/2b6a6f8016a5837650506cd125751f8d95ea4197/pkg/config/identity/hmac.go.

@guicassolato guicassolato added the kind/enhancement New feature or request label Mar 2, 2021
@Rohith-Raju
Contributor

Hey, @guicassolato I'd like to work on this...any prereqs?

@guicassolato
Collaborator Author

@Rohith-Raju, I think this issue lacks definition. Because of that, I'll remove the participation/good first issue label for now.


Azure's HMAC authentication for REST APIs could be a good reference here. I like it because it's flexible (the contract includes telling the server what the source of the hash is) and because it doesn't use the request body in the string-to-sign (the contrary often makes HMAC authn impractical due to encoding issues, amongst other problems). Moreover, Azure's API HMAC authentication is simple and easy to implement on both ends (client and server).

However, Azure's approach is not a standard. To make it more generic, at least those Microsoft-specific required headers need to be dropped, of course – although Date is probably better kept.

AWS's HMAC authn uses a slightly different, more complex approach, where users first need to generate a temporary signing key out of the long-lived secret access key, the date and other attributes (AWS service name and region), and only then HMAC the message, including the payload.

We need to gather some inputs from the field to choose which model we want to support.

@guicassolato guicassolato removed the participation/good first issue Good for newcomers label Mar 1, 2023
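
Added example, not part of the thread and not Authorino's code: a sketch in Go of the header-only scheme described in the comment above, where the client declares which headers went into the string-to-sign and the server recomputes the HMAC without reading the body. The `Sign` and `Verify` names, the `Date;Host` list format, and the sample key and host are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Added illustration, not Authorino code. Sign builds METHOD\nPATH?QUERY\nv1;v2 from the
// headers the client lists as signed (the body is never read) and HMAC-SHA256s it.
func Sign(secret []byte, method, pathQuery string, h http.Header, signed []string) (string, error) {
	vals := make([]string, 0, len(signed))
	for _, name := range signed {
		v := h.Get(name)
		if v == "" {
			return "", fmt.Errorf("signed header %q is missing", name)
		}
		vals = append(vals, v)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(method + "\n" + pathQuery + "\n" + strings.Join(vals, ";")))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil)), nil
}

// Verify requires a signed, fresh Date to bound replay. signedList and sig are assumed to
// be parsed from Authorization; a net/http server must copy r.Host into h as "Host".
func Verify(secret []byte, method, pathQuery string, h http.Header, signedList, sig string, now time.Time, skew time.Duration) error {
	dateSigned := strings.Contains(";"+strings.ToLower(signedList)+";", ";date;")
	t, err := http.ParseTime(h.Get("Date"))
	if err != nil || !dateSigned || now.Sub(t) > skew || t.Sub(now) > skew {
		return fmt.Errorf("Date must be signed, well-formed and within the allowed skew")
	}
	want, err := Sign(secret, method, pathQuery, h, strings.Split(signedList, ";"))
	if err == nil && !hmac.Equal([]byte(want), []byte(sig)) { // constant-time compare
		err = fmt.Errorf("signature mismatch")
	}
	return err
}

func main() { // constructed sample request; the key and host are placeholders
	h := http.Header{"Date": {"Tue, 22 Dec 2020 10:00:00 GMT"}, "Host": {"api.example.com"}}
	sig, _ := Sign([]byte("constructed-key"), "GET", "/pets?limit=1", h, []string{"Date", "Host"})
	now := time.Date(2020, 12, 22, 10, 1, 0, 0, time.UTC)
	fmt.Println(Verify([]byte("constructed-key"), "GET", "/pets?limit=1", h, "Date;Host", sig, now, 5*time.Minute))
}
```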
@Rohith-Raju
Contributor

Rohith-Raju commented Mar 1, 2023

Ok @guicassolato, I'll look into this, thanks
