oauth2_proxy/6_request_signatures.md at master

938 B

Raw Permalink Blame History

layout	title	permalink	nav_order
default	Request Signatures	/request-signatures	6

Request signatures

If signature_key is defined, proxied requests will be signed with the GAP-Signature header, which is a Hash-based Message Authentication Code (HMAC) of selected request information and the request body [see SIGNATURE_HEADERS in oauthproxy.go]({{ site.gitweb }}/oauthproxy.go).

signature_key must be of the form algorithm:secretkey, (ie: signature_key = "sha1:secret0")

For more information about HMAC request signature validation, read the following:

Amazon Web Services: Signing and Authenticating REST Requests
rc3.org: Using HMAC to authenticate Web service requests

938 B Raw Permalink Blame History

Request signatures

938 B

Raw Permalink Blame History