package awsm

Authentication using AWS's Signature Version 4 signing process.

type payload_hash = private string * int
val payload_hash : string -> payload_hash
val empty_payload_hash : payload_hash
module Date_header : sig ... end
module Session_token_header : sig ... end
val headers_with_date_and_payload_hash : ?session_token:string -> timestamp:Core.Time.t -> payload_hash:[ `Unsigned | `Signed of payload_hash ] -> Cohttp.Header.t -> Cohttp.Header.t
val sign_url : http_method:Cohttp.Code.meth -> region:Region.t -> service:Service.t -> timestamp:Core.Time.t -> headers:Cohttp.Header.t -> ?aws_secret_access_key:string -> ?aws_access_key_id:string -> payload_hash:[ `Unsigned | `Signed of payload_hash ] -> ?timeout:int -> Uri.t -> Uri.t

Create a signed URL, i.e. one of the methods of adding signing information to a request as defined by Task 4. Result is the original URL with additional query parameters added to it.

headers must contain at least "host".

timeout is the number of seconds after which the signed URL will become inactive. Error if value is not between 1 and 604800. Omitting it is equivalent to setting 604800, according to AWS's documentation.

val sign_request : ?session_token:string -> ?aws_access_key_id:string -> ?aws_secret_access_key:string -> region:Region.t -> service:Service.t -> payload_hash:payload_hash -> Cohttp.Request.t -> Cohttp.Request.t

Sign the given request. Named arguments are all the additional information needed to sign a request. Returned request is identical to given one, with an extra "Authorization" header added. Adheres to AWS v4 specification.

Low Level API

type canonical_request = private string
type credential_scope = private string
type string_to_sign = private string
type signature = private string
val canonical_request : http_method:Cohttp.Code.meth -> uri:Uri.t -> headers:Cohttp.Header.t -> payload_hash:[ `Unsigned | `Signed of payload_hash ] -> canonical_request

Create canonical request, i.e. Task 1.

headers should include all headers that are part of the request, and must contain "host".

val credential_scope : timestamp:Core.Time.t -> region:Region.t -> service:Service.t -> credential_scope
val string_to_sign : canonical_request:canonical_request -> credential_scope:credential_scope -> timestamp:Core.Time.t -> string_to_sign

Create string to sign, i.e. Task 2.

val signature : ?aws_secret_access_key:string -> string_to_sign:string_to_sign -> timestamp:Core.Time.t -> region:Region.t -> service:Service.t -> unit -> signature

Calculate signature, i.e. Task 3.

val authorization_header : ?aws_access_key_id:string -> signature:signature -> credential_scope:credential_scope -> headers:Cohttp.Header.t -> unit -> string * string

Create Authorization header, which is needed by one of the techniques for signing requests defined by Task 4.
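The four tasks above, written out as an added Python sketch of the Signature Version 4 computation (not awsm's OCaml code; the function names only mirror the signatures on this page). It assumes the path and query string are already canonically encoded, and the request, access key id and secret are constructed placeholders.

```python
import hashlib
import hmac
from datetime import datetime, timezone

ALGORITHM = "AWS4-HMAC-SHA256"

def payload_hash(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def canonical_request(method, path, query, headers, body_hash):
    # Task 1: header names lower-cased, values trimmed, sorted by name.
    canon = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    if "host" not in dict(canon):
        raise ValueError('headers must contain "host"')
    signed = ";".join(k for k, _ in canon)
    header_block = "".join(f"{k}:{v}\n" for k, v in canon)
    return "\n".join([method, path, query, header_block, signed, body_hash]), signed

def credential_scope(ts, region, service):
    return f"{ts:%Y%m%d}/{region}/{service}/aws4_request"

def string_to_sign(canon_req, scope, ts):
    # Task 2: algorithm, timestamp, scope, hash of the canonical request.
    digest = hashlib.sha256(canon_req.encode()).hexdigest()
    return "\n".join([ALGORITHM, f"{ts:%Y%m%dT%H%M%SZ}", scope, digest])

def signature(secret, sts, ts, region, service):
    # Task 3: derive the signing key by chained HMACs, then sign.
    key = ("AWS4" + secret).encode()
    for part in (f"{ts:%Y%m%d}", region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, sts.encode(), hashlib.sha256).hexdigest()

def authorization_header(access_key_id, sig, scope, signed_headers):
    # Task 4 (header variant): returns a (name, value) pair.
    return ("Authorization",
            f"{ALGORITHM} Credential={access_key_id}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={sig}")

def sign_example():
    # Constructed sample request; the credentials are placeholders, not real keys.
    ts = datetime(2015, 8, 30, 12, 36, 0, tzinfo=timezone.utc)
    headers = {"Host": "example.amazonaws.com", "X-Amz-Date": f"{ts:%Y%m%dT%H%M%SZ}"}
    creq, signed = canonical_request("GET", "/", "", headers, payload_hash(b""))
    scope = credential_scope(ts, "us-east-1", "service")
    sts = string_to_sign(creq, scope, ts)
    sig = signature("EXAMPLE-SECRET-KEY", sts, ts, "us-east-1", "service")
    return creq, sts, authorization_header("AKIDEXAMPLE", sig, scope, signed)
```

Because the date, region and service are folded into both the credential scope and the signing key, a signature computed for one scope does not verify under another.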
