Comments (4)
you can always implement your own authentications and use them with the AuthenticationPlugin.
if you have a good implementation of HMAC it could be cool to add it to php-http/message in https://github.com/php-http/message/tree/master/src/Authentication. this depends a bit on how complicated HMAC is though - if it depends on other libraries or is otherwise complicated enough to need several classes, its better as a separate component.
you should be able to add more than one instance of the authentication plugin to a client: http://docs.php-http.org/en/latest/plugins/authentication.html - does that not work?
from httplug.
Hi, I know I can implement my own authentication class but I thought it'd be best not to have multiple versions of a authentication class that could be beneficial to all (much like wsse, hmac is a quite common authentication mechanism)
if you have a good implementation of HMAC it could be cool to add it to php-http/message in https://github.com/php-http/message/tree/master/src/Authentication. this depends a bit on how complicated HMAC is though - if it depends on other libraries or is otherwise complicated enough to need several classes, its better as a separate component.
I do have an implementation that I started working on but it is based on a custom class (in an external dependency) whose job is to sign and verify hmac requests (and it is not publicly available yet)
you should be able to add more than one instance of the authentication plugin to a client: http://docs.php-http.org/en/latest/plugins/authentication.html - does that not work?
Adding multiple mechanism is not the issue here, the issue is that if multiple mechanism add the same header (in this cas the Authorization header) I don't think you can use both authentication simultaneously
A simple example is to have an client app authentify itself using hmac and authentifying the end-user who made the request via a token : if both mechanism write to the same header at some point one is bound to overwrite the other and you can never use both at the same time to authentify both client app and end user.
from httplug.
same header
what do the standards say how multiple mechanisms should work? should we use withAddedHeader
in our plugins so that authentications accumulate? would that not trip up some of the implementations?
hmac
i was afraid that hmac is not trivial. if this needs an encoder and possibly some crypto library or something, i think it should be a separate repository to not overload whats in php-http/message.
from httplug.
if someone did a hmac auth library for php-http, please add it in https://github.com/php-http/documentation/
from httplug.
Related Issues (20)
- HttpFulfilledPromise constructor parameter should be mixed HOT 3
- Circuit Breaker HOT 6
- Missing badges HOT 2
- Sending file from a multipart stream HOT 13
- Add support for HTTP proxies and SSL Client certificates? HOT 7
- How to set timeout for a request while being abstracted from a HttpClient implementation? HOT 6
- Implementation Question: how to code Client options in a library-agnostic way? HOT 5
- Benchmarks? HOT 2
- Prepare version 2.0 HOT 6
- phpstan complains about Http\Client\Exception HOT 6
- Adding deprecated HOT 5
- HttpException create method self vs static HOT 1
- Symfony HTTP Client Adapter HOT 1
- PSR-18: Network / Request exception inheritance HOT 1
- Add psr-18 github tag HOT 1
- Throwable not supported HOT 8
- State of async HTTP clients and promises HOT 13
- PHP 8.0 support HOT 1
- "php-http/httplug" package is not installed HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from httplug.