{"id":32460318,"url":"https://github.com/dfinity/http-auth-poc","last_synced_at":"2025-10-26T11:55:01.373Z","repository":{"id":320593868,"uuid":"939954705","full_name":"dfinity/http-auth-poc","owner":"dfinity","description":"Authenticate to ICP canisters over HTTP (Proof of Concept)","archived":false,"fork":false,"pushed_at":"2025-10-24T16:13:48.000Z","size":327,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-24T18:13:41.701Z","etag":null,"topics":["http","http-message-signatures","icp","internet-computer","rest-api","rfc-9421","rfc9421","rust","typescript"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dfinity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-27T11:33:07.000Z","updated_at":"2025-10-21T17:43:03.000Z","dependencies_parsed_at":"2025-10-24T18:14:16.590Z","dependency_job_id":"2e5e8899-0938-4538-ac31-0cdca0a5fa52","html_url":"https://github.com/dfinity/http-auth-poc","commit_stats":null,"previous_names":["dfinity/http-auth-poc"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/dfinity/http-auth-poc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fhttp-auth-poc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fhttp-auth-poc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fhttp-auth-poc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fhttp-auth-poc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dfinity","download_url":"https://codeload.github.com/dfinity/http-auth-poc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fhttp-auth-poc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281099982,"owners_count":26443537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-26T02:00:06.575Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","http-message-signatures","icp","internet-computer","rest-api","rfc-9421","rfc9421","rust","typescript"],"created_at":"2025-10-26T11:54:59.102Z","updated_at":"2025-10-26T11:55:01.367Z","avatar_url":"https://github.com/dfinity.png","language":"Rust","readme":"# Auth over HTTP\n\n\u003e ⚠️ **Warning**: This is ONLY a proof of concept. It is NOT ready for production use. DO NOT USE THIS IN PRODUCTION.\n\nThis repo contains a proof of concept for HTTP Authentication for canisters. It showcases how to use [HTTP Message Signatures](https://www.rfc-editor.org/rfc/rfc9421.html) to authenticate requests to a canister.\n\n## Advantages\n\nUsing HTTP Message Signatures instead of the custom authentication mechanism has the following advantages:\n\n- Uses an IETF standard for authentication that does not require [setting custom fields in the request body](https://internetcomputer.org/docs/references/ic-interface-spec#authentication)\n- Removes the need of [CBOR](https://internetcomputer.org/docs/references/ic-interface-spec#api-cbor) for encoding messages sent to and received from canisters. As a consequence:\n  - Canisters can expose their API using their preferred standard (e.g. OpenAPI, gRPC, etc.)\n  - Existing and widely adopted API standards (REST, GraphQL, etc.) can be used to interact with canisters, enabling popular tools and libraries to be used\n  - Developing client and server side code is easy, as the requests and responses are standard HTTP requests and responses\n\n## Try It Out\n\nThe todo app example is available on mainnet at https://a5eh2-zqaaa-aaaac-qad2a-cai.icp0.io/\n\n### Components\n\nExamples:\n\n- [todo-app](./examples/todo-app/): A simple todo app. The backend canister exposes the API using REST.\n\nPackages:\n\n- [ic-http-auth](./packages/ic-http-auth/): The canister side library for verifying HTTP Message Signatures\n- [http-auth-js](./packages/http-auth-js/): The client side library for sending signed HTTP requests to a canister\n- [insomnia-plugin-ic-http-auth](./packages/insomnia-plugin-ic-http-auth/): An [Insomnia](https://insomnia.rest/) plugin for sending signed HTTP requests to a canister\n\n### Prerequisites\n\nMake sure you have the following installed:\n- [pnpm](https://pnpm.io/)\n- [dfx](https://internetcomputer.org/docs/building-apps/getting-started/install)\n- [Rust](https://rust-lang.org/)\n\n### Run It Locally\n\nAfter cloning the repository, install the dependencies:\n\n```shell\npnpm i\ndfx deps pull\n```\n\nThen, start the local network:\n\n```shell\ndfx start --background --clean\n```\n\nThen, deploy the canisters:\n\n```shell\ndfx deps deploy\ndfx deploy\n```\n\nIn the output, you will see a URL similar to `http://\u003ccanister-id\u003e.localhost:4943`. Open this URL in your browser to see the todo app running locally.\n\n## Benchmarks\n\nAt the current state, the proof of concept verifies signatures of requests sent to the canister inside the canisters directly. Verifying canister signatures is\n\nWe use [Canbench](https://github.com/dfinity/canbench) to benchmark the performance of some functions of the [ic-http-auth](./packages/ic-http-auth/) package.\n\nTo run the benchmarks, first install the `canbench` CLI:\n\n```shell\ncargo install canbench\n```\n\nThen, run the benchmarks:\n\n```shell\ncd packages/ic-http-auth\ncanbench\n```\n\nThe latest results can be found in the [canbench_results.yml](./packages/ic-http-auth/canbench_results.yml) file.\n\n\u003e Note: if you want to update the benchmarks results, you can run the benchmarks with the `--persist` flag:\n\u003e\n\u003e ```shell\n\u003e canbench --persist\n\u003e ```\n\n## Contributing\n\nContributions are welcome! Please see the [contribution guide](./.github/CONTRIBUTING.md) for more information.\n\n## License\n\nThis project is licensed under the [Apache-2.0](./LICENSE) license.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfinity%2Fhttp-auth-poc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdfinity%2Fhttp-auth-poc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfinity%2Fhttp-auth-poc/lists"}