Experiments with implementing the server side of HTTP Origin Based Authentication RFC7486
.well-known/hoba
lib
README.md
crypto.php
db.php
favicon.ico
genPassword.php
getchal.php
globals.php
gpl.txt
hoba-stamp.jpg
hoba.css
hobaDB.sql
index.html
index.php
jquery-1.12.4.min.js
login.php
login_poll.js
login_status.php
main.php
names.txt
prepNames.sh
printers.php
register.php

README.md

HOBA-server

Experiments with server side development of HTTP Origin Based Authentication (RFC 7486)

Licensed under GPLv3

This has been developed and tested with Apache 2.4 on OpenBSD and FreeBSD.

Some Apache 2.4 config that might help you get started:

The directory foo/hoba-ssl/.well-known/hoba contains symbolic links to the actual PHP scripts in foo/hoba-ssl/

<Directory foo/hoba-ssl>
  Options FollowSymLinks
  AllowOverride all
  # Apache 2.4 access control (replaces the 2.2-style "Order allow,deny" / "Allow from all")
  Require all granted
  SetHandler php7-script

  # Pass the Authorization header through to PHP as the HTTP_AUTHORIZATION variable
  RewriteEngine On
  RewriteCond %{HTTP:Authorization} ^(.*)
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]
</Directory>

<Directory foo/hoba-ssl/.well-known/hoba>
  Options FollowSymLinks
  SetHandler php7-script
</Directory>
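
What a PHP script behind the rewrite rule above can do with the forwarded header, as an added example that is not code from HOBA-server. It assumes the RFC 7486 header form `Authorization: HOBA result="kid.challenge.nonce.sig"` with base64url fields; the function names and the sample values are hypothetical, and it only parses, leaving signature verification and challenge freshness checks to the caller.

```php
<?php
// Added example (not part of HOBA-server). Assumed layout, per RFC 7486 section 3:
//   Authorization: HOBA result="kid.challenge.nonce.sig"   (each field base64url)

// Strict base64url decoder: rejects foreign characters and impossible lengths.
function b64url_decode(string $s): ?string {
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $s) || strlen($s) % 4 === 1) {
        return null;
    }
    $padded = $s . str_repeat('=', (4 - strlen($s) % 4) % 4);
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    return $raw === false ? null : $raw;
}

// Returns ['kid','challenge','nonce','sig'] as raw bytes, or null on any malformation.
function parse_hoba_authorization(array $server): ?array {
    // The rewrite rule sets HTTP_AUTHORIZATION; after an internal redirect Apache
    // may expose it with a REDIRECT_ prefix instead.
    $hdr = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
    if (!is_string($hdr) || !preg_match('/^HOBA\s+result="([^"]{1,8192})"\s*$/i', $hdr, $m)) {
        return null; // missing, wrong scheme, or oversized value
    }
    $parts = explode('.', $m[1]);
    if (count($parts) !== 4) {
        return null; // must be exactly kid.challenge.nonce.sig
    }
    $out = [];
    foreach (['kid', 'challenge', 'nonce', 'sig'] as $i => $name) {
        $raw = b64url_decode($parts[$i]);
        if ($raw === null) {
            return null;
        }
        $out[$name] = $raw;
    }
    return $out;
}

// Constructed sample input: placeholder bytes, not a real key id or signature.
$enc = fn(string $b): string => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
$sample = ['HTTP_AUTHORIZATION' => 'HOBA result="' . implode('.', [
    $enc('sample-kid'), $enc('sample-challenge'), $enc('sample-nonce'), $enc("\x01\x02\x03"),
]) . '"'];

var_dump(parse_hoba_authorization($sample) !== null);                                  // well-formed header
var_dump(parse_hoba_authorization(['HTTP_AUTHORIZATION' => 'HOBA result="a.b.c"']));   // only three fields
var_dump(parse_hoba_authorization(['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwdw==']));    // wrong scheme
```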

Test Website

There is a test website up and running to play with this at https://hoba.name/