API Auth - SHA256

[alanruth]

Hopefully in the right place for this...

We leverage flexirest to communicate between two applications using api-auth. We would like to have flexirest sign the requests using a sha256 digest as described in the api-auth repository. The next release of api-auth enables different digests and then specifying this within the authorization header.

For example:

digest = OpenSSL::Digest.new('sha256')

and then being able to have APIAuth authenticate using that sha256:

head(:unauthorized) unless @current_account && ApiAuth.authentic?(request, @current_account.secret_key, :digest => 'SHA256')

and in the header:

APIAuth-HMAC-SHA256 'id':'secret_key'

Curious if there are settings or configurations where we can drive this behavior in the initializer

[andyjeffries]

Unfortunately I don't use APIAuth, this feature was submitted by @nathanhoel. I don't know if he's able to reply to this, if not I'll have a look in to it.

[nathanhoel]

My colleagues and I have no plans of using that part of Api Auth so I will not have the bandwidth to add that. The best way to get it into Flexirest would be to submit a PR! Andy has been very good about merging contributions :)

Although it sounds like Andy might even look into it possibly, I just can't speak for him.

[andyjeffries]

I've done the code for this in https://github.com/andyjeffries/flexirest/compare/apiauth-digest but it doesn't seem to affect the generated headers. I've opened an issue on ApiAuth's side - mgomes/api_auth#106.

[andyjeffries]

I've got it all working with Api Auth, however I'm waiting on them releasing ApiAuth 2.0.0

[andyjeffries]

I've released v1.3.15 which supports this change - providing you have v2.0.0 or above of ApiAuth installed (and it'll ignore the options if you have a earlier version)