What's needed?
Services will soon start requiring requests to be signed, so the client should be able to do this signing.
Proposed solution
Implement signing requests somehow in ApiClientBase or utility functions/classes like GrpcStreamBroadcaster or call_stub_method. Ideally signing should be as transparent as possible to client implementers.
Signing works as follows:
Signature parts
The following request parts are used to generate the signature:
The user's API key (Metadata key: key)
The user's secret must be provided to the client, loaded from a file, env vars, etc.
The timestamp that the client sent the request (Metadata key: ts)
A one-time cryptographic random number called "nonce" generated for each request by the client (Metadata key: nonce)
The name of the requested gRPC method.
The serialized message body.
The signature is stored in the metadata key sig.
Algorithm
The algorithm uses HMAC with SHA-256 as the hashing algorithm. The resulting signature is encoded using URL-safe base64 without padding.
The algorithm can be outlined in pseudocode as follows:
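Added example (not from the original issue or the project's code): signing a request with the parts listed above, plus the matching server-side check that shows what `ts` and `nonce` are for. The issue's pseudocode is not present on the page, so the field order, the length-prefixed framing, the 300-second freshness window, the in-memory nonce set and the sample values are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time


def _frame(part: bytes) -> bytes:
    # Assumption: 4-byte length prefix so ("a", "12") and ("a1", "2") cannot collide.
    return len(part).to_bytes(4, "big") + part


def sign_request(secret: bytes, api_key: str, ts: int, nonce: str,
                 method: str, body: bytes) -> str:
    """HMAC-SHA256 over the request parts, URL-safe base64 without padding."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    # Assumed field order: key, ts, nonce, method name, serialized body.
    for part in (api_key.encode(), str(ts).encode(), nonce.encode(),
                 method.encode(), body):
        mac.update(_frame(part))
    return base64.urlsafe_b64encode(mac.digest()).rstrip(b"=").decode("ascii")


def signed_metadata(secret: bytes, api_key: str, method: str, body: bytes,
                    *, ts=None, nonce=None) -> list[tuple[str, str]]:
    """Build the gRPC metadata pairs (key, ts, nonce, sig) for one request."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_urlsafe(16) if nonce is None else nonce  # fresh per request
    sig = sign_request(secret, api_key, ts, nonce, method, body)
    return [("key", api_key), ("ts", str(ts)), ("nonce", nonce), ("sig", sig)]


def verify(secret: bytes, metadata, method: str, body: bytes,
           seen_nonces: set, now: int, max_skew: int = 300) -> bool:
    """Hypothetical server-side check: signature first, then freshness and replay."""
    md = dict(metadata)
    try:
        ts = int(md["ts"])
        expected = sign_request(secret, md["key"], ts, md["nonce"], method, body)
        sig = md["sig"].encode()
    except (KeyError, ValueError):
        return False
    if not hmac.compare_digest(expected.encode(), sig):  # constant-time compare
        return False
    if abs(now - ts) > max_skew or md["nonce"] in seen_nonces:
        return False
    seen_nonces.add(md["nonce"])  # remember only nonces from valid requests
    return True
```

The secret is used only as the HMAC key and never appears in the metadata; only `key`, `ts`, `nonce` and `sig` travel with the request.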