Ocelot: Dose it support HMAC Signature to authenticate API requests?

Created on 17 Jul 2018  路  6Comments  路  Source: ThreeMammals/Ocelot

enhancement good first issue help wanted large effort

Most helpful comment

@Rwing yes sure, it鈥檚 on the list!

All 6 comments

@Rwing this isn't supported at the moment.

Can I ask what use case you want this feature for?

just it's simpler than jwt & oauth for api consumer馃ぃ

Is there any plan to add this feature?

@Rwing yes sure, it鈥檚 on the list!

@TomPallister Would this be materialized as an AuthenticationHandler<T> ?
Also would it use the Amazon way of signing requests or another method like https://github.com/w3c-dvcg/http-signatures ?

@MikeFH yes it would almost certainly be some kind of .net authentication handler.

I haven't looked at this issue yet. I would imagine someone has already created a middleware for HMAC signing in asp.net and I would just use this. Infact I don't even think it needs to be anything to do with Ocelot......you just need to add it as the first middleware before Ocelot. I will leave this open for now because it might be nice to provide tighter integration or something.

Was this page helpful?
0 / 5 - 0 ratings