Proposal for "HTTP_Request2_Hawk"

» Metadata » Status
  • Status: Proposed
» Description

This class is an Observer for signing HTTP_Request2 requests with an Hawk authentication header.

Hawk is an HTTP authentication scheme using a message authentication code (MAC) algorithm to provide partial HTTP request cryptographic verification.

By using an Observer, it is really easy to add authentication to the requests. The MAC is added to the request headers transparently, just before the request is sent.

Questions :

- Should this be added to the main package or is it better to have it live on its own ?

Hawk is pretty new, but it is an important feature for consuming web APIs, especially in machine to machine environment which is where it shines compared to OAuth/OAuth2. We are going to use it for our own webservices in our apps, and it's being used by others as well (example : https://tent.io/docs/authentication). I think it should become more popular quickly, especially because OAuth is such a mess.

- Is an Observer the right way to do it ?

It works great, but it is the first time I use HTTP_Request2 (which is a nice package BTW), so there might be other ways.

Links :

- Hawk docs : https://github.com/hueniverse/hawk/
- Other valuable PHP implementation (with server as well) : https://github.com/dflydev/dflydev-hawk
- My Lua server implementation for Nginx : https://github.com/golgote/lua-resty-hawk

» Dependencies » Links
  • HTTP_Request2
» Timeline » Changelog
  • First Draft: 2014-02-08
  • Proposal: 2014-02-08