Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Add http signatures support for the API #12338

Closed
42wim opened this issue Jul 27, 2020 · 2 comments · Fixed by #17565
Closed

Proposal: Add http signatures support for the API #12338

42wim opened this issue Jul 27, 2020 · 2 comments · Fixed by #17565
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Milestone
1.17.0

Comments

@42wim
Copy link
Member

42wim commented Jul 27, 2020

Description

Add http-signatures support for the API.

The main advantage is that this feature combined with ssh (certificates or public keys) allows users access to the API without getting an API key. Instead SSH(agent) will be used to sign the requests to the API.

The end result is that if you have a gitea installation with ssh certificates support and httpsig support, everything will "just work" for users without extra ssh/apikeys.

This will of course be not that easy to do with curl, but can be integrated into the tea client (or own tooling).

I can work on this, I think this will be a rather small chance in the code.
@6543
Copy link
Member

6543 commented Jul 27, 2020
edited
Loading

@42wim feel free to do so :)

and if we integrate it afterwards into the go-sdk -> so tea will benefit from it too 👍

@techknowlogick techknowlogick added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Aug 1, 2020
@42wim 42wim mentioned this issue Nov 6, 2021
Merged
42wim added a commit to 42wim/gitea that referenced this issue Jan 15, 2022
@42wim
Implement http signatures support for the API
4effd55 
Fixes go-gitea#12338
@lunny lunny added this to the 1.17.0 milestone Jun 4, 2022
@lunny
Copy link
Member

lunny commented Jun 4, 2022

ref: https://tools.ietf.org/html/draft-cavage-http-signatures

zeripath added a commit that referenced this issue Jun 5, 2022
@42wim @lunny @zeripath
Implement http signatures support for the API (#17565)
e528e2b 
Fixes #12338

This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens.
It will just automatically work when users have added their ssh principal in gitea.

This needs client code in tea
Update: also support normal pubkeys

ref: https://tools.ietf.org/html/draft-cavage-http-signatures

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this issue Aug 24, 2022
@42wim @lunny
@zeripath @AbdulrhmnGhanem
Implement http signatures support for the API (go-gitea#17565)
3e35cb3 
Fixes go-gitea#12338

This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens.
It will just automatically work when users have added their ssh principal in gitea.

This needs client code in tea
Update: also support normal pubkeys

ref: https://tools.ietf.org/html/draft-cavage-http-signatures

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
1.17.0
Development

Successfully merging a pull request may close this issue.

Implement http signatures support for the API 42wim/gitea
4 participants
@lunny @techknowlogick @42wim @6543