curl-users
Re: AWS SigV4 authentication
Date: Thu, 14 Dec 2017 00:46:39 +0100 (CET)
On Wed, 13 Dec 2017, Haitham Gad wrote:
> It is open in the sense that it's well documented by AWS and there's a lot
> of existing implementations in many languages. It is not standardized, but
> it's useful to a wide range of users (all AWS customers). Users usually use
> the CLI or SDKs to call AWS APIs, but there's still need to inspect the raw
> HTTP responses from API calls.
But what other servers than Amazon's support it?
> I think I can free up a few days to work on an implementation for SigV4 in
> curl. If you have any guidance regarding contributing to curl, I appreciate
> if you can share it with me.
It is probably a good idea to see how for example HTTP Digest is implemented
and work from there. HTTP auths typically get a 401 response back to the
initial request, with some bits of data that is then used by the client to
calculate some value that is then sent to the server in a second request - the
authenticated request.
Now I don't know anything about the protocol specifics, but I saw one page
hinting that there's a hash of the payload involved which sounds like it could
make it fairly complicated to add.
-- / daniel.haxx.se ----------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2017-12-14