Usage
For usage examples I will be using httpx
, but any other python request
library should be similar.
Validation
from aws4 import generate_challenge, validate_challenge
def fetch_secret_access_key(access_key_id) -> str:
return "my-secret-access-key"
challenge = generate_challenge(
method=request.method,
url=request.url,
headers=request.headers,
content=request.content,
)
secret_access_key = fetch_access_key(challenge.access_key_id)
validate_challenge(challenge, secret_access_key)
Signing
An example of an httpx AWS4 request signing. As part of the sign_request method
the Authorization
header is injected into request.headers
from datetime import datetime, timezone
import aws4
service = "s3"
region = "us-east-1"
access_key_id = "my-access-key-id"
secret_access_key = "my-secret-access-key"
def http_aws4_auth(request: httpx.Request):
dt = datetime.now(tz=timezone.utc)
request.headers["x-amz-date"] = aws4.to_amz_date(dt)
request.headers["host"] = request.url.netloc.decode("utf-8")
body = request.content.decode("utf-8")
if body:
request.headers["Content-Length"] = str(len(body))
aws4.sign_request(
service,
request.method,
request.url,
region,
request.headers,
body,
access_key_id,
secret_access_key,
dt,
)
with httpx.Client() as client:
r = client.request(
url="http://localhost",
auth=http_aws4_auth,
)
Generate user keys
To generate user key pairs, aws4.key_pair
provides some helpful utility functions.