search

TritonDataCenter / node-http-signature

Reference implementation of Joyent's HTTP Signature Scheme
https://tritondatacenter.com
MIT License
405 stars 118 forks source link

Add Signature header support. #83

Closed lizheming closed 4 years ago

lizheming commented 5 years ago

As specification said, It also support header named Signature and there has no scheme in field value.

The sender is expected to transmit a header (as defined in RFC 7230, Section 3.2) where the "field-name" is "Signature", and the "field-value" contains one or more "auth-param"s (as defined in RFC 7235, Section 4.1) where the "auth-param" parameters meet the requirements listed in Section 2: The Components of a Signature. via: https://tools.ietf.org/id/draft-cavage-http-signatures-10.html#sig-header

Both parser and signer should be update to support signature header. I have different logic in parser.js and signer.js.

About sign generator part, we only need to add support for Signature header if developer set in options, because the format is different with Authorization header (just omit scheme part).

While we'll use this module to parser http request from different service, we should have max compatibility in parser part. So I will try to get authorizationHeaderName which developer set, then try to get authorization header, at last I'll try to get signature header.

close #77 when pr merged.

aldex32 commented 5 years ago

Hello,

any plan to merge this PR?

Thanks, Aldo

aldex32 commented 5 years ago

@jclulow any idea? ☝️

mattzuba commented 5 years ago

I'm currently building a drone.io plugin where the drone server sends the signature header over, so support for this would be desirable. Would love to see feedback on this and potential merging.

lizheming commented 5 years ago

@mattzuba I have met this problem in the same scene, so I created the pr. Right now we can overwrite authorization header to fit it, just like https://github.com/lizheming/drone-js-config/blob/a43c559662ab7f46299849eff5660205bcf059f2/src/logic/index.js#L4-L12.

@arekinath can you have a look this pull request and merge it? thx~

fmartinou commented 4 years ago

Hello,
Any news?

Do we have a chance to see this PR merged in the near future?
All french Banks rely on this specification for their new APIs (https://www.stet.eu/en/psd2/) so this support would be really appreciated.

kusor commented 4 years ago

Hello, Any news?

Do we have a chance to see this PR merged in the near future? All french Banks rely on this specification for their new APIs (https://www.stet.eu/en/psd2/) so this support would be really appreciated.

Done. Hope this help addressing PSD2 issues.