sig_auth v0.1.2 SigAuth

This module is primarily intended for client use, or for public key loading on the server. While not strictly necessary, it is highly recommended to use SigAuth.Plug and a CredentialServer to streamline authentication within your server routing.

Example Use

Client

This client is using HTTPotion, but any client library that allows specifying custom headers (SigAuth provides headers as ["authorization", "<authorization-token-stuff>", ...]) can be used.

priv_key = SigAuth.load_key("./test/testing_id_rsa")
headers = SigAuth.sign("GET", "/api/users/27.json", 1, "", "bob", priv_key)
# headers contains the "authorization" and "x-sigauth-nonce" headers
# The requested path must be the same path that was signed above
HTTPotion.get("www.myapp.com/api/users/27.json", [headers: headers])

Server

As previously mentioned, server authentication should be conducted using the SigAuth.Plug module and a CredentialServer. See the code for SigAuth.Plug if you need to validate signatures without the Plug.

Summary

Functions

get_nonce(headers)
Utility for extracting a nonce from request headers

get_signature(headers)
Utility for extracting a signature from request headers

get_username(headers)
Server utility for extracting a username from request headers

load_key(filename)
Loads a public or private SSH RSA key from a file into a variable, for use with either client signing or loading credentials into a credential server

sign(method, path, nonce, body, username, private_key)
Signs a request, accepting each of its components. The returned headers should be included when sending the request. The Authorization header produced contains the Base64-encoded signature

valid?(method, path, nonce, body, signature, public_key)
Reports the validity of a signature. Intended for use by SigAuth.Plug, it may nevertheless be used by server code that cannot use the Plug

Functions

get_nonce(headers)
get_nonce([{String.t, String.t}]) :: integer

Utility for extracting a nonce from request headers.

get_signature(headers)
get_signature([{String.t, String.t}]) :: binary

Utility for extracting a signature from request headers.

get_username(headers)
get_username([{String.t, String.t}]) :: String.t

Server utility for extracting a username from request headers.

load_key(filename)
load_key(String.t) :: {:ok, any}

Loads a public or private SSH RSA key from a file into a variable, for use with either client signing or loading credentials into a credential server.

Examples:

iex> priv = SigAuth.load_key("test/testing_id_rsa")
{:RSAPrivateKey, :"two-prime", 1925825628552485095461711380...}

iex> pub = SigAuth.load_key("test/testing_id_rsa.pub")
{:RSAPublicKey, 1925825628552485...}

sign(method, path, nonce, body, username, private_key)
sign(String.t, String.t, integer, binary, String.t, any) :: [{String.t, String.t}]

Signs a request, accepting each of its components. The returned headers should be included when sending the request. The Authorization header produced contains the Base64-encoded signature.

Examples:

iex> priv = SigAuth.load_key("test/testing_id_rsa")
...> nonce = System.system_time(:microseconds)
...> headers = SigAuth.sign("GET", "/api/v1/people", nonce, "", "Chris", priv)
[{"x-sigauth-nonce", "1480535381422"},{"authorization", "SIGAUTH Chris:XlP49MtvM+dkE23...}]

valid?(method, path, nonce, body, signature, public_key)
valid?(String.t, String.t, integer, binary, binary, any) :: true | false

Reports the validity of a signature. Intended for use by SigAuth.Plug, it may nevertheless be used by server code that cannot use the Plug.
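
The round trip that sign/6 and valid?/6 describe, as an added example that is not taken from SigAuth's source: a signature covers method, path, nonce and body, so a request that differs in any of them, or that reuses a nonce, is rejected. The SigDemo module, the newline-joined payload layout, the SHA-256 digest and the strictly increasing nonce rule are assumptions for illustration; only the header names and the "SIGAUTH user:signature" shape come from the examples above.

```elixir
# Added example: SigDemo is hypothetical and is not SigAuth's implementation.
defmodule SigDemo do
  # Assumed payload layout: every signed component joined by newlines.
  def payload(method, path, nonce, body),
    do: Enum.join([method, path, Integer.to_string(nonce), body], "\n")

  # Client side: RSA-sign the payload (SHA-256 is an assumption) and build headers.
  def sign(method, path, nonce, body, username, priv) do
    sig = :public_key.sign(payload(method, path, nonce, body), :sha256, priv)

    [
      {"x-sigauth-nonce", Integer.to_string(nonce)},
      {"authorization", "SIGAUTH " <> username <> ":" <> Base.encode64(sig)}
    ]
  end

  # Server side: returns {:ok, username, nonce} or {:error, reason}.
  # pub_keys maps username => public key; last_nonces maps username => highest
  # nonce already accepted. The caller stores the new nonce only on {:ok, ...}.
  def verify(method, path, body, headers, pub_keys, last_nonces) do
    with {_, "SIGAUTH " <> cred} <- List.keyfind(headers, "authorization", 0),
         [user, b64] <- String.split(cred, ":", parts: 2),
         {:ok, sig} <- Base.decode64(b64),
         {_, nonce_str} <- List.keyfind(headers, "x-sigauth-nonce", 0),
         {nonce, ""} <- Integer.parse(nonce_str),
         {:ok, pub} <- Map.fetch(pub_keys, user),
         true <- nonce > Map.get(last_nonces, user, 0) || {:error, :stale_nonce},
         msg = payload(method, path, nonce, body),
         true <- :public_key.verify(msg, :sha256, sig, pub) || {:error, :bad_signature} do
      {:ok, user, nonce}
    else
      {:error, reason} -> {:error, reason}
      _ -> {:error, :malformed_or_unknown_user}
    end
  end
end

# Constructed sample data: a throwaway key pair generated in memory.
priv = :public_key.generate_key({:rsa, 2048, 65537})
pub = {:RSAPublicKey, elem(priv, 2), elem(priv, 3)}
keys = %{"bob" => pub}
headers = SigDemo.sign("GET", "/api/users/27.json", 1001, "", "bob", priv)

# Same method, path and body as signed, fresh nonce: accepted.
IO.inspect(SigDemo.verify("GET", "/api/users/27.json", "", headers, keys, %{}))
# Request path differs from the signed path: signature check fails.
IO.inspect(SigDemo.verify("GET", "/api/users.27.json", "", headers, keys, %{}))
# Nonce 1001 was already accepted for bob: rejected as a replay.
IO.inspect(SigDemo.verify("GET", "/api/users/27.json", "", headers, keys, %{"bob" => 1001}))
```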