Module Awsm.Auth

Authentication using AWS's Signature Version 4 signing process.

type payload_hash = private string * int
val payload_hash : string -> payload_hash
val empty_payload_hash : payload_hash
module Date_header : sig ... end
module Session_token_header : sig ... end
val headers_with_date_and_payload_hash : ?session_token:string -> timestamp:Core.Time.t -> payload_hash:[ `Unsigned | `Signed of payload_hash ] -> Cohttp.Header.t -> Cohttp.Header.t
val sign_url : http_method:Cohttp.Code.meth -> region:Region.t -> service:Service.t -> timestamp:Core.Time.t -> headers:Cohttp.Header.t -> ?aws_secret_access_key:string -> ?aws_access_key_id:string -> payload_hash:[ `Unsigned | `Signed of payload_hash ] -> ?timeout:int -> Uri.t -> Uri.t

Create a signed URL, i.e. one of the methods of adding signing information to a request as defined by Task 4. The result is the original URL with additional query parameters added to it.

headers must contain at least "host".

timeout is the number of seconds after which the signed URL will become inactive. It is an error if the value is not between 1 and 604800. Omitting it is equivalent to setting 604800, according to AWS's documentation.

val sign_request : ?session_token:string -> ?aws_access_key_id:string -> ?aws_secret_access_key:string -> region:Region.t -> service:Service.t -> payload_hash:payload_hash -> Cohttp.Request.t -> Cohttp.Request.t

Sign the given request. The named arguments are all the additional information needed to sign a request. The returned request is identical to the given one, with an extra "Authorization" header added. Adheres to the AWS v4 specification.

Low Level API

type canonical_request = private string
type credential_scope = private string
type string_to_sign = private string
type signature = private string
val canonical_request : http_method:Cohttp.Code.meth -> uri:Uri.t -> headers:Cohttp.Header.t -> payload_hash:[ `Unsigned | `Signed of payload_hash ] -> canonical_request

Create the canonical request, i.e. Task 1.

headers should include all headers that are part of the request, and must contain "host".

val credential_scope : timestamp:Core.Time.t -> region:Region.t -> service:Service.t -> credential_scope
val string_to_sign : canonical_request:canonical_request -> credential_scope:credential_scope -> timestamp:Core.Time.t -> string_to_sign

Create the string to sign, i.e. Task 2.

val signature : ?aws_secret_access_key:string -> string_to_sign:string_to_sign -> timestamp:Core.Time.t -> region:Region.t -> service:Service.t -> unit -> signature

Calculate the signature, i.e. Task 3.

val authorization_header : ?aws_access_key_id:string -> signature:signature -> credential_scope:credential_scope -> headers:Cohttp.Header.t -> unit -> string * string

Create the Authorization header, which is needed by one of the techniques for signing requests defined by Task 4.
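
How Tasks 1 to 4 chain together through the low-level API, as an added example that is not part of the awsm documentation or source. It uses only the signatures listed on this page plus Cohttp.Header.mem and Cohttp.Header.add; the function name authorization_headers, and the choice to have the caller pass region, service, timestamp and credentials, are assumptions of the example.

```ocaml
(* Added example, not awsm's own code. Every Auth.* call follows a signature
   listed on this page; [authorization_headers] is a hypothetical name. *)
module Auth = Awsm.Auth

let authorization_headers ~aws_access_key_id ~aws_secret_access_key ~region
    ~service ~timestamp ~http_method ~uri ~body headers =
  (* The page requires "host" among the signed headers; fail early instead of
     producing a signature the service would reject. *)
  if not (Cohttp.Header.mem headers "host") then
    invalid_arg "authorization_headers: \"host\" header is required";
  let payload_hash = `Signed (Auth.payload_hash body) in
  (* Assumption (from the function's name and type): this adds the date and
     payload-hash headers, so they are present before canonicalisation and
     therefore covered by the signature. *)
  let headers =
    Auth.headers_with_date_and_payload_hash ~timestamp ~payload_hash headers
  in
  (* Task 1: canonical request over the final header set. *)
  let canonical_request =
    Auth.canonical_request ~http_method ~uri ~headers ~payload_hash
  in
  (* Task 2: the same [timestamp], [region] and [service] must be used for the
     scope, the string to sign and the signature. *)
  let credential_scope = Auth.credential_scope ~timestamp ~region ~service in
  let string_to_sign =
    Auth.string_to_sign ~canonical_request ~credential_scope ~timestamp
  in
  (* Task 3: the secret key is used only here. *)
  let signature =
    Auth.signature ~aws_secret_access_key ~string_to_sign ~timestamp ~region
      ~service ()
  in
  (* Task 4: [authorization_header] returns a (name, value) pair. *)
  let name, value =
    Auth.authorization_header ~aws_access_key_id ~signature ~credential_scope
      ~headers ()
  in
  Cohttp.Header.add headers name value
```

Any header added or changed after this function returns is not covered by the signature.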