You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Services will soon start require requests to be signed, so client should be able to do this signing.
Proposed solution
Implement signing requests somehow in ApiClientBase or utility functions/classes like GrpcStreamBroadcaster or call_stub_method. Ideally signing should be as transparent as possible to client implementers.
Signing works as follows:
Signature parts
The following request parts are used to generate the signature:
The user's API key (Metadata key: key)
The user's secret must be provided to the client, loaded from a file, env vars, etc.
The timestamp that the client sent the request (Metadata key: ts)
A one-time cryptographic random number called "nonce" generated for each request by the client (Metadata key: nonce)
The name of the requested gRPC method.
The serialized message body.
The signature is stored in the metadata key sig.
Algorithm
The algorithm uses HMAC with SHA-256 as the hashing algorithm. The resulting signature is encoded using URL-safe base64 without padding.
The algorithm can be outlined in pseudocode as follows:
What's needed?
Services will soon start require requests to be signed, so client should be able to do this signing.
Proposed solution
Implement signing requests somehow in
ApiClientBase
or utility functions/classes likeGrpcStreamBroadcaster
orcall_stub_method
. Ideally signing should be as transparent as possible to client implementers.Signing works as follows:
Signature parts
The following request parts are used to generate the signature:
key
)ts
)nonce
)The signature is stored in the metadata key
sig
.Algorithm
The algorithm uses HMAC with SHA-256 as the hashing algorithm. The resulting signature is encoded using URL-safe base64 without padding.
The algorithm can be outlined in pseudocode as follows:
Resources
The text was updated successfully, but these errors were encountered: