Open IbrahimTareq opened 6 years ago
etherealjoy
commented
6 years ago @IbrahimTareq This is a custom Header right? I think almost all the generators support additional headers. additionally many frameworks support proxy which can do the HMAC header injection in the request/response headers.
Or maybe you have a different scenario? Would you like to describe it?
IbrahimTareq
commented
6 years ago @etherealjoy Yes it is. Can you point to a few useful resources that talk about HMAC header injections and how I can go about adding them to the generators?
Thanks!
etherealjoy
commented
6 years ago @IbrahimTareq Depending on how you calculate the HMAC you could create the spec in such a way that the header is a parameter to the API call, or for server side you could simply get the Header and verify. In case the HMAC is calculated based on entire request payload then the injection of the header has to be done outside the generated code. So you need to do it inside some kind of network manager level before the HTTP packet is sent over the network. The HMAC generation is pretty much tied to the platform so it is not something that everyone can use if they don't have that platform, (otherwise it defeats its purpose). Could you tell which generator are you are targeting to working with?
IbrahimTareq
commented
6 years ago @etherealjoy The way it's done is for POST requests, the hash of the body along with the request line is used as the signing string and for GET requests, it's just the signing string. According to what you said, I would have to handle it outside the generated code. I'm planning to add it to the following generators:
wing328
commented
5 years ago @IbrahimTareq do you need help adding HMAC support to the generators you mentioned? Let us know.
Description
Has anyone been able to add HMAC support to any of the generators?