Separate functions to generate Signature and Authorization headers

99designs / http-signatures-php

Sign and verify PSR-7 HTTP messages in PHP.

MIT License

44 stars 32 forks source link

Separate functions to generate Signature and Authorization headers #36

Closed liamdennehy closed 5 years ago

liamdennehy commented 6 years ago

Different use cases for each (authorisation vs digital signatures)
Different meanings deserve distinct flows
A Signature may need to be be added to a message with an existing Authorization header so can't presume we can simply generate both on every invocation

mtibben commented 5 years ago

Could you rebase out the merge commit?

liamdennehy commented 5 years ago

This PR is now mirrored in a PR for the specification itself (https://github.com/w3c-dvcg/http-signatures/pull/48) to make it more clear that these headers serve different purposes - while both Signature and Authorization can be used for authorisation, Signature is distinct in that it can create a digitally signed document out of a HTTP Message. I can even imagine a use case where Signature can sign the Authorization header, so we need to make these distinct.

liamdennehy commented 5 years ago

I have integrated this feature in my own project along with a number of others, and published this in packagist. Documentation for the entire library is published at Read the Docs: http-signatures-php - incomplete but being expanded regularly.

liamdennehy commented 5 years ago

Closing PR due to inactivity.