auth-hmac icon indicating copy to clipboard operation
auth-hmac copied to clipboard
verified publisher icon seangeo

Allow authenticating forwarded requests

Open cap10morgan opened this issue 15 years ago • 2 comments

We have a centralized authorization service that needs to verify HMAC auth on behalf of various API servers that act as proxies to the central service. But the API clients don't know anything about this and believe they are authenticating against the API server.

So I moved the auth-hmac library to support authenticating against forwarded credentials rather than assuming those of the incoming request itself.

Here are the changes I made to support this use case: http://github.com/cap10morgan/auth-hmac/compare/master...referrer_auth

cap10morgan avatar May 11 '10 19:05 cap10morgan

Hold off on this patch for now. Tests are failing for some reason. I'll look into it.

cap10morgan avatar May 11 '10 20:05 cap10morgan

OK, should be fine now.

cap10morgan avatar May 11 '10 20:05 cap10morgan