{"id":15678968,"url":"https://github.com/marcgibbons/drf_signed_auth","last_synced_at":"2025-05-07T09:08:10.051Z","repository":{"id":57424122,"uuid":"102907445","full_name":"marcgibbons/drf_signed_auth","owner":"marcgibbons","description":"Signed URL authentication for Django REST Framework to generate temporary URLs","archived":false,"fork":false,"pushed_at":"2022-12-26T20:30:07.000Z","size":87,"stargazers_count":12,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-07T09:07:58.783Z","etag":null,"topics":["authentication","authentication-backends","django-rest-framework","temporary-credentials"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marcgibbons.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-08T21:52:11.000Z","updated_at":"2025-04-01T05:37:10.000Z","dependencies_parsed_at":"2023-01-31T01:15:46.141Z","dependency_job_id":null,"html_url":"https://github.com/marcgibbons/drf_signed_auth","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcgibbons%2Fdrf_signed_auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcgibbons%2Fdrf_signed_auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcgibbons%2Fdrf_signed_auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcgibbons%2Fdrf_signed_auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
owners/marcgibbons","download_url":"https://codeload.github.com/marcgibbons/drf_signed_auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252847494,"owners_count":21813454,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authentication-backends","django-rest-framework","temporary-credentials"],"created_at":"2024-10-03T16:25:38.664Z","updated_at":"2025-05-07T09:08:10.027Z","avatar_url":"https://github.com/marcgibbons.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DRF Signed Auth\nA stateless authentication backend intended to temporarily expose protected\nresources.\n\n[![Build Status](https://travis-ci.org/marcgibbons/drf_signed_auth.png?branch=master)](https://travis-ci.org/marcgibbons/drf_signed_auth)\n[![Code Coverage](https://codecov.io/gh/marcgibbons/drf_signed_auth/branch/master/graph/badge.svg)](https://codecov.io/gh/marcgibbons/drf_signed_auth)\n[![PyPI Version](https://img.shields.io/pypi/v/drf-signed-auth.svg)](https://pypi.python.org/pypi/drf-signed-auth/0.1.1)\n\n\n## Example app\n[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)\n\nDeploy your own, or try out  https://drf-signed-auth.herokuapp.com\n\n\n## Why?\n\nThe motivation for this package comes from a frequent project requirement to\ndirectly download files served by the API in formats like CSV or Excel within the\ncontext of a single-page-application.\n\nWithin this context, authentication cannot be achieved using HTTP Headers, as\nthe resource is 
accessed directly through a URL via an `\u003ca\u003e` tag. Therefore, a\ntemporary signature passed in the query string must be used to authenticate the\nrequest.\n\n\nThis package uses Django's cryptographic signing to produce a short-lived\nsignature. It provides a view used to produce the signature and a DRF\nauthentication backend.\n\n\n## Is this secure?\nUse this backend with caution and sparingly. Anyone with a copy of the signed\nURL will be able to access a protected resource, so keep the expiry time\nshort (see settings), and ensure that the Django `SECRET_KEY` setting is kept\nprivate.\n\n\n## Requirements\n- Python 2.7 / 3.6\n- Django 1.8, 1.9, 1.10, 1.11\n- Django REST Framework 3.6, 3.7\n\n\n## Installation\n`pip install drf-signed-auth`\n\n\n## Quick start\nRegister the SignUrlView in `urls.py`\n\n```python\n# urls.py\n\nfrom django.conf.urls import url\nfrom drf_signed_auth.views import SignUrlView\n\n\nurlpatterns = [\n    ...\n    url(r'^sign-url/$', SignUrlView.as_view(), name='sign-url'),\n    ...\n]\n```\n\nUse the authentication backend on the view you wish to expose.\n\n```python\n# views.py\nfrom drf_signed_auth.authentication import SignedURLAuthentication\nfrom rest_framework.permissions import IsAuthenticated\nfrom rest_framework.views import APIView\n\n\nclass MyCSVView(APIView):\n    ...\n    authentication_classes = [SignedURLAuthentication]\n    permission_classes = [IsAuthenticated]\n    ...\n```\n\n## Usage\n\nObtain the signature by making a POST request to the Sign URL endpoint, and\nprovide the `url` of the endpoint you wish to access. 
This can be a relative\nor absolute path.\n\n### Example\n\n```\n# Request\nPOST /sign-url/ HTTP/1.1\nHost: your.api.host\nContent-Type: application/json\n\n{\"url\": \"/path\"}\n\n\n# Response\nhttp://your.api.host/path?sig=xxxxxxxxxxxxxxx\n```\n\nThe returned URL will be valid for the time specified by the `SIGNED_URL_TTL` setting.\n\n\n## Settings\n\nThe following settings may be configured in your project's `settings.py`:\n\n| Setting                   | Description                                           | Default |\n| --- | --- | --- |\n| `SIGNED_URL_TTL`          | The time in seconds for which the signature is valid  | `30` (seconds) |\n| `SIGNED_URL_QUERY_PARAM`  | The querystring variable name                         | `sig` |\n| `SIGNED_URL_PERMISSION_CLASSES`  | Permission classes on the signed URL view | `[rest_framework.permissions.IsAuthenticated]` |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarcgibbons%2Fdrf_signed_auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarcgibbons%2Fdrf_signed_auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarcgibbons%2Fdrf_signed_auth/lists"}