Digests
The request body can be signed with a digest, and that digest can be put into the Digest HTTP header, for example:
POST / HTTP/1.1
Digest: SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
... (other HTTP headers)

{"hello":"world"}
This digest can be used both to verify that the message body is unaltered and to verify the signature.
The digest must include the hashing algorithm in the hash text in order to be verified, e.g.
SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=
or
MD5=5d41402abc4b2a76b9719d911017c592
Using as a Permission
You can enable the Digest header as a requirement for permissions using the permissions.HttpDigestMatches class:
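from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from keypair_permissions.permissions import HttpDigestMatches

class AuthTestApiView(GenericAPIView):
    # DRF reads permission_classes; a misspelled attribute name is ignored.
    permission_classes = [HttpDigestMatches]

    def post(self, request):
        return Response(request.body)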
Using as Mixin
You can also use the Digest header as a Mixin, using the mixins.HttpDigestRequiredMixin class:
from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from keypair_permissions.mixins import HttpDigestRequiredMixin

class AuthTestApiView(HttpDigestRequiredMixin, GenericAPIView):
    def post(self, request):
        return Response(request.body)
Digest Algorithms
Digest algorithms are used to create a hash of the message body. The resulting hash is tagged with the hashing algorithm name and put in the Digest HTTP header.
The following algorithms are tested and working:
- SHA256
- SHA512
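The check described above can be sketched as follows. This is an added example, not code from keypair_permissions: the function names, the allow-list, and the mapping of the header tokens `SHA-256`/`SHA-512` to the two tested algorithms are assumptions.

```python
import base64
import binascii
import hashlib
import hmac

# Assumption: header tokens "SHA-256"/"SHA-512" correspond to the algorithms
# the page lists as tested. Anything else (MD5 included) is rejected.
ALLOWED = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}


def make_digest_header(body: bytes, algorithm: str = "SHA-256") -> str:
    """Return a Digest header value of the form ALG=base64(hash(body))."""
    raw = ALLOWED[algorithm](body).digest()
    return f"{algorithm}={base64.b64encode(raw).decode('ascii')}"


def digest_matches(header_value: str, body: bytes) -> bool:
    """True only if the header names an allowed algorithm and matches body."""
    # Split on the first '=' only: base64 padding also uses '='.
    algorithm, sep, encoded = header_value.strip().partition("=")
    hasher = ALLOWED.get(algorithm.strip().upper())
    if not sep or hasher is None:
        return False  # missing algorithm tag, or algorithm not allowed
    try:
        claimed = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return False  # value is not valid base64
    # Compare raw hash bytes in constant time.
    return hmac.compare_digest(claimed, hasher(body).digest())


if __name__ == "__main__":
    body = b'{"hello":"world"}'  # constructed sample body
    header = make_digest_header(body)
    print(header, digest_matches(header, body))
    print(digest_matches(header, b'{"hello":"w0rld"}'))  # altered body
```

The server must hash the raw request bytes as received; re-serialising parsed JSON before hashing changes whitespace and breaks the comparison.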