Documentation

Authorization

Authorization¶

Dynamic Values
Authorization

For general information about dynamic values and instructions on how to insert them in Paw see the introduction to dynamic values.

HTTP Basic Auth

HTTP Basic Auth¶

HTTP Basic Auth (or Basic access authentication) is a widely used protocol for simple username/password authentication, for example, when your web browsers prompts you for credentials.

Paw natively supports HTTP Basic Auth via the HTTP Basic Auth Dynamic Value, which generates an Authorization header from the credentials you provide.

Under the Wood¶

HTTP Basic access authentication is one of the easiest authentication methods and it’s only safe with a secure SSL/HTTPS connection. The header generated is:

Basic {TOKEN}

where the {TOKEN} is the base 64 of the username and password separated by a colon. In pseudo-code, it would be:

base64(username + ':' + password)

com.luckymarmot.BasicAuthDynamicValue

Argument: username: DynamicString: None
The username.

Argument: password: DynamicString: None
The password.

Argument: charset: string: ``utf-8``

The charset used for encoding.

utf-8

function evaluate(context){
    var dv = new DynamicValue('com.luckymarmot.BasicAuthDynamicValue', {
        username: 'john.appleseed',
        password: 'myOwnSuperSecretPassword'
    });
    return dv.getEvaluatedString();
};

OAuth 1

OAuth 1¶

Paw has support for OAuth 1 signature and Authorization header.

com.luckymarmot.OAuth1HeaderDynamicValue

Argument: consumerKey: DynamicString: None
The Consumer Key given by the provider (app credentials).

Argument: consumerSecret: DynamicString: None
The Consumer Secret given by the provider (app credentials).

Argument: token: DynamicString: None
The Access Token given by the provider (user credentials).

Argument: tokenSecret: DynamicString: None
The Access Token Secret given by the provider (user credentials).

Argument: algorithm: DynamicString: ``HMAC-SHA1``

The signature method algorithm (HMAC-SHA1, RSA-SHA1 or PLAINTEXT).

HMAC-SHA1

Argument: nonce: DynamicString: None
An unique identifier.

Argument: timestamp: DynamicString: None
A timestamp.

Argument: callback: DynamicString: None
A callback URL.

Argument: additionalParameters: DynamicString: None
Additional parameters (e.g. myfield=myvalue).

// simple example
function evaluate(context){
    var oauth1_dv = new DynamicValue('com.luckymarmot.OAuth1HeaderDynamicValue', {
        consumerKey: '12345',
        consumerSecret: '23444',
        token: 'a1b2c3',
        tokenSecret: '12345',
        algorithm: 'HMAC-SHA1'
    });
    return oauth1_dv.getEvaluatedString();
};

// example with some optional parameters
function evaluate(context){
    var nonce = new DynamicValue('com.luckymarmot.NonceDynamicValue');
    var timestamp = new DynamicValue('com.luckymarmot.TimestampDynamicValue', {
        format: 1 /* Epoch Time */
    });
    var oauth1_dv = new DynamicValue('com.luckymarmot.OAuth1HeaderDynamicValue', {
        consumerKey: '12345',
        consumerSecret: '23444',
        token: 'a1b2c3',
        tokenSecret: '12345',
        algorithm: 'HMAC-SHA1',
        nonce: new DynamicString(nonce),
        timestamp: new DynamicString(timestamp),
        callback: 'http://somewhere.com/path'
    });
    return oauth1_dv.getEvaluatedString();
};

OAuth 1 Signature

OAuth 1 Signature¶

../../_images/OAuth1.0SignatureDynamicValue.png

The OAuth 1 Signature lets you generate OAuth 1 signatures.

com.luckymarmot.OAuth1SignatureDynamicValue

Argument: consumerSecret: DynamicString: None
The Consumer Secret given by the provider (app credentials).

Argument: tokenSecret: DynamicString: None
The Access Token Secret given by the provider (user credentials).

Argument: algorithm: DynamicString: ``HMAC-SHA1``

The signature method algorithm (HMAC-SHA1, RSA-SHA1 or PLAINTEXT).

HMAC-SHA1

Argument: URLEncoded: bool: ``true``

Whether signature should be encoded using percent-encoding.

true

function evaluate(context){
    var dv = new DynamicValue('com.luckymarmot.OAuth1SignatureDynamicValue', {
        consumerSecret: '23444',
        tokenSecret: '12345',
        algorithm: 'HMAC-SHA1'
    });
    return dv.getEvaluatedString();
};

OAuth 2

OAuth 2¶

Paw natively supports the full OAuth 2 authorization flow.

com.luckymarmot.OAuth2DynamicValue

Argument: grantType: number: ``0`` (Authorization Code)

The OAuth 2 Grant Type (0: AuthorizationCode, 1: Implict, 2: Resource Owner Password Credentials, 3: Client Credentials).

0 (Authorization Code)

Argument: clientID: DynamicString: None
The Client ID given by the provider (client credentials).

Argument: clientSecret: DynamicString: None
The Client Secret given by the provider (client credentials). Not applicable for Implict grant type.

Argument: sendClientCredentialsInBody: bool: ``false``

Whether client credentials should be sent in the Authorization header using HTTP Basic Auth (recommended) or in the request body. Not applicable for Implict grant type.

false

Argument: username: DynamicString: None
The Username given by the provider (client credentials). For Resource Owner Password Credentials grant type only.

Argument: password: DynamicString: None
The Password given by the provider (client credentials). For Resource Owner Password Credentials grant type only.

Argument: authorizationURL: DynamicString: None
The Authorization URL given by the provider. Only for Authorization Code and Implict grant types.

Argument: accessTokenURL: DynamicString: None
The Access Token URL of the web page the OAuth service (aka. provider) would normally bring users so they can authorize the access. Not applicable for Implict grant type.

Argument: callbackURL: DynamicString: None
Also known as the Redirect URL, it’s the URL you’ve setup in the OAuth provider’s settings. It should be the URL of a web page on your server, where users will be redirected after authorization process. Only for Authorization Code and Implict grant types.

Argument: explicitCallbackURL: bool: ``true``

Whether the Redirect URL should be specified in requests. Only for Authorization Code and Implict grant types.

true

Argument: scope: DynamicString: None
The OAuth scope as indicated by the provider.

Argument: stateNonce: DynamicString: None
An unique identifier. Only for Authorization Code and Implict grant types.

Argument: strict: bool: None
Whether additional checks should be performed on responses.

Argument: tokenPrefix: DynamicString: ``Bearer``

The Token prefix.

Bearer

Argument: token: DynamicString: None
The Access Token obtained from the provider.

function evaluate(context){
    var dv = new DynamicValue('com.luckymarmot.OAuth2DynamicValue', {
        grantType: 0 /* = Authorization Code Grant */,
        clientID: '12345',
        clientSecret: '67890',
        authorizationURL: 'https://github.com/login/oauth/authorize',
        accessTokenURL: 'https://github.com/login/oauth/authorize',
        scope: 'repo, user'
    });
    return dv.getEvaluatedString();
};

Amazon S3 Header

Amazon S3 Header¶

Generates Amazon S3 Authorization header.

com.luckymarmot.AmazonS3HeaderDynamicValue

Argument: accessKeyId: DynamicString: None
The Amazon Access Key ID.

Argument: secretAccessKeyId: DynamicString: None
The Amazon Secret Access Key ID.

function evaluate(context){
    var dv = new DynamicValue('com.luckymarmot.AmazonS3HeaderDynamicValue', {
        accessKeyId: '18734981740892',
        secretAccessKeyId: '98485298349'
    });
    return dv.getEvaluatedString();
};

Amazon S3 Signature

Amazon S3 Signature¶

../../_images/S3SignatureDynamicValue.png

Generates Amazon S3 signatures.

com.luckymarmot.AmazonS3SignatureParameterDynamicValue

Argument: secretAccessKeyId: DynamicString: None
The Amazon Secret Access Key ID.

Argument: URLEncoded: bool: ``true``

Whether signature should be encoded using percent-encoding.

true

function evaluate(context){
    var dv = new DynamicValue('com.luckymarmot.AmazonS3SignatureParameterDynamicValue', {
        secretAccessKeyId: '98485298349'
    });
    return dv.getEvaluatedString();
};