manueldimmler/hmac-signature-middleware

Two PSR-15 middlewares to create and verify HMAC signatures

Maintainers

Details

github.com/manueldimmler/hmac-signature-middleware

Homepage

Source

Issues

Installs: 6

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

v0.1.1 2022-07-13 15:02 UTC

Requires

Requires (Dev)

MIT d7f4b1b4cd47940f6a768958ebc46feaef37e995

Authenticationmiddlewaresignaturehmacpsr-15

This package is auto-updated.

Last update: 2024-06-13 19:28:51 UTC

README

This package provides two PSR-15 middlewares.

The first middleware creates a signature of the payload. A secret key has to be provided as first argument. By default, SHA1 hashing algorithm is used and the HMAC signature will be added as x-signature header.

$signatureMiddleware = new Http\Middleware\HmacSignatureMiddleware('secret key'):

To validate the signature, use the verification middleware.

/** @var \Psr\Http\Message\ResponseFactoryInterface $responseFactory */
$signatureMiddleware = new Http\Middleware\HmacVerificationMiddleware('secret key', $responseFactory):

What's a HMAC

A HMAC is a hash-based message authentication code using a symmetric key.

If a user sees a message and a HMAC and knows the associated secret key, he can verify that the HMAC was produced by a principal that knows the key by doing the HMAC computation hisself. Therefore, if a message comes with a correct HMAC attached, it means this message was seen by a holder of the secret key at some point.

Installation

composer require manueldimmler/hmac-signature-middleware