requests-hawk

These details have been verified by PyPI

Maintainers

alexis.metaireau jrconlin leplatrem Natim rfk tarek

These details have not been verified by PyPI

Project links

Homepage

Project description

This project allows you to use the python requests library with the hawk authentication mechanism.

Hawk itself does not provide any mechanism for obtaining or transmitting the set of shared credentials required, but this project proposes a scheme we use across mozilla services projects.

Great, how can I use it?

First, you’ll need to install it:

pip install requests-hawk

Then, in your project, if you know the id and key, you can use:

import requests
from requests_hawk import HawkAuth

hawk_auth = HawkAuth(id='my-hawk-id', key='my-hawk-secret-key')
requests.post("https://example.com/url", auth=hawk_auth)

Or if you need to derive them from the hawk session token, instead use:

import requests
from requests_hawk import HawkAuth

hawk_auth = HawkAuth(
    hawk_session=resp.headers['hawk-session-token'],
    server_url=self.server_url
)
requests.post("/url", auth=hawk_auth)

In the second example, the server_url parameter to HawkAuth was used to provide a default host name, to avoid having to repeat it for each request.

If you wish to override the default algorithm of sha256, pass the desired algorithm name using the optional algorithm parameter.

Note: The credentials parameter has been removed. Instead pass id and key separately (as above), or pass the existing dict as **credentials.

Integration with httpie

Httpie is a tool which lets you do requests to a distant server in a nice and easy way. Under the hood, httpie uses the requests library. We’ve made it simple for you to plug hawk with it.

If you know the id and key, use it like that:

http POST localhost:5000/registration\
--auth-type=hawk --auth='id:key'

Or, if you want to use the hawk session token, you can do as follows:

http POST localhost:5000/registration\
--auth-type=hawk --auth='c0d8cd2ec579a3599bef60f060412f01f5dc46f90465f42b5c47467481315f51:'

Take care, don’t forget to add the extra : at the end of the hawk session token for it to be considered like so.

How are the shared credentials shared?

Okay, on to the actual details.

The server gives you a session token, that you’ll need to derive to get the hawk credentials.

Do an HKDF derivation on the given session token. You’ll need to use the following parameters:

key_material = HKDF(hawk_session, '', 'identity.mozilla.com/picl/v1/sessionToken', 32*2)

The key material you’ll get out of the HKDF needs to be separated into two parts, the first 32 hex characters are the hawk id, and the next 32 ones are the hawk key:

credentials = {
    'id': keyMaterial[0:32]
    'key': keyMaterial[32:64]
    'algorithm': 'sha256'
}

Run tests

To run test, you can use tox:

tox

CHANGELOG

1.2.1 (2023-05-03)

Add support for ext external data string (#34) (thanks @jtmaclachlan)

1.2.0 (unreleased)

Nothing changed yet.

1.1.1 (2021-06-04)

Handle cases where Content-Type is defined as bytes rather than string. (#25)
Allow for app mohawk sender parameter configuration

1.1.0 (2020-12-16)

Allow to skip hashing request and response bodies with always_hash_content.

1.0.1 (2020-01-20)

Add Python 3 support. (#22)

1.0.0 (2015-12-15)

Simplified API for using HawkAuth when the id and key are known. (#8)
Added support for overriding the default algorithm (sha256) when deriving credentials from the hawk session token, via a new algorithm parameter.

See the README for migration advice if you use the credentials parameter.

0.2.1 (2015-10-14)

Make sure the requests json parameter is handled properly. (#7)

0.2.0 (2015-05-19)

Fix encoding error in setup.py with Python 3.4
Add a configuration parameter in order to be able to set the timestamp to use.

0.1.2 (2014-08-13)

Add Python3 support

0.1.1 (2014-07-21)

First version

Project details

These details have been verified by PyPI

Maintainers

alexis.metaireau jrconlin leplatrem Natim rfk tarek

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

1.2.1

May 4, 2023

1.1.1

Jun 4, 2021

1.1.0

Dec 17, 2020

1.0.1

Jan 20, 2020

1.0.0

Dec 15, 2015

0.2.1

Oct 14, 2015

0.2.0

May 19, 2015

0.1.2

Aug 13, 2014

0.1.1

Jul 21, 2014

0.1.0

Jul 16, 2014

0.0.1

Jul 16, 2014

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

requests-hawk-1.2.1.tar.gz (6.8 kB view details)

Uploaded May 4, 2023 Source

Built Distribution

requests_hawk-1.2.1-py2.py3-none-any.whl (7.4 kB view details)

Uploaded May 4, 2023 Python 2 Python 3

File details

Details for the file requests-hawk-1.2.1.tar.gz.

File metadata

Download URL: requests-hawk-1.2.1.tar.gz
Upload date: May 4, 2023
Size: 6.8 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.2

File hashes

Hashes for requests-hawk-1.2.1.tar.gz
Algorithm	Hash digest
SHA256	`ad9205042c94bdb15afaa19b0780e11077b24d9e5cffac1fb3d26cb08aa435b7`
MD5	`7d893696b12f0913e3e6355b0d86e9fa`
BLAKE2b-256	`af4835c2adbe796eee460dc3b69704dae66c2b6647c3f9d85ab156aa4b0443a6`

See more details on using hashes here.

File details

Details for the file requests_hawk-1.2.1-py2.py3-none-any.whl.

File metadata

Download URL: requests_hawk-1.2.1-py2.py3-none-any.whl
Upload date: May 4, 2023
Size: 7.4 kB
Tags: Python 2, Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.2

File hashes

Hashes for requests_hawk-1.2.1-py2.py3-none-any.whl
Algorithm	Hash digest
SHA256	`afe8add3c72a21405543a07464b62e36a5f378585e5cf3b54b1307e884f67324`
MD5	`a9ccbc6ecac0283538bbacc3365f7303`
BLAKE2b-256	`e1da6bd7c2ea86b4b8e33704d942a3c7c2ecd03cffb7ecb315241de989b79003`