HMAC Request Signing

Follow

J Balakrishnan

• August 26, 2015 18:06

Do you have plans of supporting HMAC request signing in near future?

0

• Official comment

  

  Support

  • August 26, 2015 18:38

  OAuth1a is available in C#, Java, Android, PHP, Ruby, iOS. We can add this support in remaining languages if needed. Just let us know :)

  Comment actions Permalink
• 

  Support

  • August 26, 2015 18:24

  Hi, we already support OAuth1a, which uses HMACSHA1 signing in many languages. Do you have a custom signing process?

  0

  Comment actions Permalink
• 

  J Balakrishnan

  • August 26, 2015 18:27

  Hi Zeeshan,

  I don't have a custom signing process. I think I can use the OAuth 1 version for the API that we're writing.

  I did not go through the full list and dint realize that OAuth is doing hmac.

  Thank you for the immediate response.

  0

  Comment actions Permalink
• 

  J Balakrishnan

  • September 24, 2015 23:28

  Hi,

  Is it possible to do the HMAC signing process but without all the oauth headers.

  Generate AccessKey and SecretKey fields - Generate nonce and sign the request body
  Add the HMAC Signature as a customized Http Header in the form:- Authorization: Hmac accessKey:Signature
  Add the Nonce as a Http Header

  If the oauth code is a utility when the sdk is generated, then can I possibly customize the oauth code? That might be quicker instead of you writing a whole new authentication type.

  0

  Comment actions Permalink
• 

  Support

  • September 24, 2015 23:36

  Hi. Yes you are right, implementing a new AuthType might take a while for us to implement due to the backlog. However if you are willing to edit the generated code then it should be easy.

  If you set Authentication to OAuth1 TokenSecret, you should already see an OAuthUtility class in the generated code. That class has the code for computing HMAC signatures and nonce etc. It should be straight forward to edit the class. Does that answer your question?

  0

  Comment actions Permalink
• 

  J Balakrishnan

  • September 24, 2015 23:46

  Yes it does.

  I did a sample api and downloaded the sdk for a single language. The oauth utility is separate and it can be edited easily. If the same pattern is there for all languages, then I can definitely get it done.

  I'll play around with the code generator and will ask for help if I bump into any problems.

  Again thanks for the quick response.

  0

  Comment actions Permalink
• 

  Support

  • September 24, 2015 23:50

  Yes, we have the same design pattern for OAuth1 in C#, Java, Android, PHP, Ruby, iOS. Other languages like Python, Go, and JS are currently lacking this auth type implementation. But I am sure we can add this support if you need it :)

  0

  Comment actions Permalink
• 

  J Balakrishnan

  • September 24, 2015 23:55

  No point having it in JS unless its for nodejs server. The whole idea of HMAC is to protect secret :)

  I'm looking at only C#, Ruby, Python, Java, PHP and Go. Go is not urgent anyways :)

  Thank you.

  0

  Comment actions Permalink
• 

  Support

  • September 25, 2015 00:01

  Haha, yes you are right. But I have seen some JS with embedded API Keys. Anyways, once you are done with other languages, I will get someone to look at HMAC signing in Python. Should be straight forward. Best of luck!

  0

  Comment actions Permalink

Please sign in to leave a comment.