Extensible request signing #138
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I've just rebased onto current master and added the ability to configure the custom signers directory (since it looks like #137 will be accepted). |
|
Looks like it'll need to be rebased again after the other PRs I just merged for you. Sorry. |
ghost
assigned 
|
No problem - I just have done. Thanks for merging the others! |
|
No problem. I'll take a run through this when I get a moment. |
|
Hi - just checking in on this. Any ETA on when you'll get a chance to take a look at this? |
|
looks like this was planned to be merged so I'll take a look |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
In issue #134 I asked about extension points in iodocs - specifically I was interested in providing my own request signing logic (although I was a bit imprecise and called this an 'authentication mechanism'). I haven't seen anything suggesting this is currently possible, so I've quickly put something together - hopefully it's useful.
This change pulls out some of the existing signing code into a
signersdirectory, and dynamically requires these signers at run time. (I've also commonised some of the existing code). This allows users of iodocs to use a custom signing method by just writing a new signer, popping it in the signers directory, and adding the appropriate signature type in apiconfig.json.This also helps keep things clean - no need to change app.js, so pulling in upstream updates in the future is easier.
Note that the data I'm passing to signRequest is more than the existing signers want - this is because the new signer I want to write needs a few more bits of data. I can't think of anything else any future signer would want, so hopefully this will do for now. Note also that because I need these extra bits of information, I've moved signing slightly later in the process; I don't believe this will cause any issues, though.
If #137 gets any traction, I'll do something similar for configuring the
signersdirectory (although that seems a bit doubtful, so I've not bothered for now).Thanks,
Rowan