oauth2-proxy/assets/js/b89e1cb0.d176f819.js

"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[8873],{3905:function(e,t,r){r.d(t,{Zo:function(){return p},kt:function(){return d}});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?o(Object(r),!0).forEach((function(t){a(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):o(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function s(e,t){if(null==e)return{};var r,n,a=function(e,t){if(null==e)return{};var r,n,a={},o=Object.keys(e);for(n=0;n<o.length;n++)r=o[n],t.indexOf(r)>=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n<o.length;n++)r=o[n],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),c=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(u.Provider,{value:t},e.children)},l={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,u=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,m=f["".concat(u,".").concat(d)]||f[d]||l[d]||o;return r?n.createElement(m,i(i({ref:t},p),{},{components:r})):n.createElement(m,i({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,i=new Array(o);i[0]=f;var s={};for(var u in t)hasOwnProperty.call(t,u)&&(s[u]=t[u]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c<o;c++)i[c]=r[c];return n.createElement.apply(null,i)}return n.createElement.apply(null,r)}f.displayName="MDXCreateElement"},8706:function(e,t,r){r.r(t),r.d(t,{frontMatter:function(){return s},contentTitle:function(){return u},metadata:function(){return c},toc:function(){return p},default:function(){return f}});var n=r(7462),a=r(3366),o=(r(7294),r(3905)),i=["components"],s={id:"request_signatures",title:"Request Signatures"},u=void 0,c={unversionedId:"features/request_signatures",id:"version-7.0.x/features/request_signatures",title:"Request Signatures",description:"If signature_key is defined, proxied requests will be signed with the",source:"@site/versioned_docs/version-7.0.x/features/request_signatures.md",sourceDirName:"features",slug:"/features/request_signatures",permalink:"/oauth2-proxy/docs/7.0.x/features/request_signatures",editUrl:"https://github.com/oauth2-proxy/oauth2-proxy/edit/master/docs/versioned_docs/version-7.0.x/features/request_signatures.md",tags:[],version:"7.0.x",frontMatter:{id:"request_signatures",title:"Request Signatures"},sidebar:"version-7.0.x/docs",previous:{title:"Endpoints",permalink:"/oauth2-proxy/docs/7.0.x/features/endpoints"},next:{title:"Security",permalink:"/oauth2-proxy/docs/7.0.x/community/security"}},p=[],l={toc:p};function f(e){var t=e.components,r=(0,a.Z)(e,i);return(0,o.kt)("wrapper",(0,n.Z)({},l,r,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"signature_key")," is defined, proxied requests will be signed with the\n",(0,o.kt)("inlineCode",{parentName:"p"},"GAP-Signature")," header, which is a ",(0,o.kt)("a",{parentName:"p",href:"https://en.wikipedia.org/wiki/Hash-based_message_authentication_code"},"Hash-based Message Authentication Code\n(HMAC)"),"\nof selected request information and the request body ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/oauthproxy.go"},"see ",(0,o.kt)("inlineCode",{parentName:"a"},"SIGNATURE_HEADERS"),"\nin ",(0,o.kt)("inlineCode",{parentName:"a"},"oauthproxy.go")),"."),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"signature_key")," must be of the form ",(0,o.kt)("inlineCode",{parentName:"p"},"algorithm:secretkey"),", (ie: ",(0,o.kt)("inlineCode",{parentName:"p"},'signature_key = "sha1:secret0"'),")"),(0,o.kt)("p",null,"For more information about HMAC request signature validation, read the\nfollowing:"),(0,o.kt)("ul",null,(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html"},"Amazon Web Services: Signing and Authenticating REST\nRequests")),(0,o.kt)("li",{parentName:"ul"},(0,o.kt)("a",{parentName:"li",href:"http://rc3.org/2011/12/02/using-hmac-to-authenticate-web-service-requests/"},"rc3.org: Using HMAC to authenticate Web service\nrequests"))))}f.isMDXComponent=!0}}]);