{"id":21730152,"url":"https://github.com/nventive/requestssignature-dart","last_synced_at":"2026-05-08T04:02:39.614Z","repository":{"id":223494221,"uuid":"751410361","full_name":"nventive/RequestsSignature-Dart","owner":"nventive","description":null,"archived":false,"fork":false,"pushed_at":"2024-05-31T19:35:47.000Z","size":41,"stargazers_count":2,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-04T09:39:59.623Z","etag":null,"topics":["dart","flutter"],"latest_commit_sha":null,"homepage":"","language":"Dart","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nventive.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-01T15:01:22.000Z","updated_at":"2024-12-22T10:47:56.000Z","dependencies_parsed_at":"2024-03-11T13:39:11.352Z","dependency_job_id":"a920721f-a324-4b8c-adc0-10a0b811f949","html_url":"https://github.com/nventive/RequestsSignature-Dart","commit_stats":null,"previous_names":["nventive/requestssignature-dart"],"tags_count":0,"template":false,"template_full_name":"nventive/Template","purl":"pkg:github/nventive/RequestsSignature-Dart","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nventive%2FRequestsSignature-Dart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nventive%2FRequestsSignature-Dart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nventive%2FRequestsSignature-Dart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nventive%2FRequestsSignature-Dart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nventive","download_url":"https://codeload.github.com/nventive/RequestsSignature-Dart/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nventive%2FRequestsSignature-Dart/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266447593,"owners_count":23929980,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dart","flutter"],"created_at":"2024-11-26T04:13:12.014Z","updated_at":"2026-05-08T04:02:39.518Z","avatar_url":"https://github.com/nventive.png","language":"Dart","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RequestsSignature-Dart\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=flat-square)](LICENSE) [![Pub Package](https://img.shields.io/pub/v/requests_signature_dart.svg?style=flat-square)](https://pub.dartlang.org/packages/requests_signature_dart) [![package publisher](https://img.shields.io/pub/publisher/requests_signature_dart.svg?style=flat-square)](https://pub.dev/packages/requests_signature_dart/publisher)\n\nSigns and validates HTTP requests.\n\nThis projects can help you implements [HMAC](https://en.wikipedia.org/wiki/HMAC) signatures to HTTP requests on flutter projects.\n\nFor backend systems done in .NET, use the [RequestsSignature](https://github.com/nventive/RequestsSignature) library to implement [HMAC](https://en.wikipedia.org/wiki/HMAC) signatures.\n\n## Getting Started\n\n### Implementing Requests Signature Validation in Dart/Flutter app project:\n\nInstall the package:\n\n```\nflutter pub add requests_signature_dart\n```\n\nThis will add a line like this to your package's `pubspec.yaml` (and run an implicit `flutter pub get`):\n\n```yaml\ndependencies:\n  requests_signature_dart: ^1.0.0\n```\nAlternatively, your editor might support `flutter pub get`. Check the docs for your editor to learn more.\n\nThen do the following to add a `RequestsSignatureInterceptor` to your Dio client.\n\n```dart\nimport 'package:requests_signature_dart/requests_signature_dart.dart';\nimport 'package:requests_signature_dart/src/client/requests_signature_options.dart';\nimport 'package:dio/dio.dart';\n\nvoid main() {\n  // Instantiate Dio client.\n  final dio = Dio();\n\n  // Define signature options.\n  final signatureOptions = RequestsSignatureOptions(\n    clientId: 'your_client_id', // Your unique client ID\n    clientSecret: 'your_client_secret', // Your client secret key\n    headerName: 'X-Request-Signature', // Name of the custom header for the signature\n    signaturePattern: '{ClientId}:{Nonce}:{Timestamp}:{SignatureBody}', // Pattern for the signature header value\n    clockSkew: Duration(seconds: 30), // Clock skew duration (30 seconds in this example)\n    disableAutoRetryOnClockSkew: false, // Disable auto retry on clock skew if set to true\n  );\n\n  // Instantiate interceptor.\n  final interceptor = RequestsSignatureInterceptor(\n    signatureOptions,\n    dio,\n  );\n\n  // Add interceptor to Dio client.\n  dio.interceptors.add(interceptor);\n}\n```\n\n## Features\n\n### Default Header signature and algorithm\n\nBy default, here is how the header is constructed:\n\nThe final header has the following specification: `{ClientId}:{Nonce}:{Timestamp}:{SignatureBody}` where:\n- `{ClientId}`: is the client id as specified by the configuration\n- `{Nonce}`: is a random value unique to each request (a UUID/GUID is perfectly suitable)\n- `{Timestamp}`: is the current time when the request is sent, in Unix Epoch time (in seconds)\n- `{SignatureBody}`: Is the Base-64 encoded value of the HMAC SHA256 Signature of the signature components\n\nSignature components (the source for the SignatureBody HMAC value) is a binary value composed of the following values sequentially:\n- Nonce: UTF-8 encoded binary values of the Nonce\n- Timestamp: UTF-8 encoded binary values of the Timestamp (as a string value)\n- Request method: UTF-8 encoded binary values of the **uppercase** Request method\n- Request scheme: UTF-8 encoded binary values of the Request Uri scheme (e.g. `https`)\n- Request host: UTF-8 encoded binary values of the Request Uri host (e.g. `example.org`)\n- Request local path: UTF-8 encoded binary values of the Request Uri local path (e.g. `/api/v1/users`)\n- Request query string: UTF-8 encoded binary values of the Request Query string, including the leading `?` (e.g. `?q=search`)\n- Request body: Raw bytes of the request body\n\n*For more information see the [`SignatureBodySourceBuilder`](lib/src/core/implementation/signature_body_source_builder.dart) class.\n\n*See the Configuration section on how to customize the signature.*\n\n### Auto retry on clock skew detection (client)\n\nThe `RequestsSignatureDelegatingHandler` has a specific features that tries to detect\nwhen a client's clock is not properly synchronized with the server and compensate\nfor the delta. This is useful when dealing with clients that are not under your control.\n\nThe way this work is when the client receives either a 401 or 403 status code and the \nresponse includes a Date header, it compares the date received from the server and the\nclient current time. If the difference is more than the configured `clockSkew`, it\ncomputes the delta, adjust the time based on the computation and automatically re-tries\nthe request. All subsequent invocation will also apply the same time delta, until another \npotential clock skew is detected.\n\nThis behavior can be de-activated using the `disableAutoRetryOnClockSkew` client option.\n\n### Configuration options\n\n**It is important to properly synchronize the settings between the server and all the clients, otherwise the signature will be improperly computed and compared.**\n\n#### Client-side\n\n- `clockSkew`: The duration of time that a timestamp will still be considered valid when\n  comparing with the current time (+/-). Defaults to 5 minutes.\n- `headerName`: The name of the header that contains the signature. Defaults to `X-RequestSignature`.\n- `signaturePattern`: The pattern that is used to create the final header value.\n  Defaults to `{ClientId}:{Nonce}:{Timestamp}:{SignatureBody}`.\n- `disableAutoRetryOnClockSkew`: When set to true, the handler will not attempt to \n  detect clock skew and auto-retry.\n\n### Further customization\n\nIt is possible to further customize the behavior of the component by providing \ncustom implementation of the following interfaces:\n\n- `ISignatureBodySourceBuilder`: Builds the source data for the signature computation\n- `ISignatureBodySigner`: Creates the signature body value (from the signature body source)\n- `IRequestsSignatureValidationService`: Performs the signature validation\n\nAdditionally, the Hash algorithm used can be customized by constructing the \n`HashAlgorithmSignatureBodySigner` using a custom `hashAlgorithmBuilder`:\n\n```csharp\nimport 'package:requests_signature_dart/requests_signature_dart.dart';\nimport 'package:dio/dio.dart';\nimport 'package:cryptography/cryptography.dart';\n\nvoid main() {\n  final dio = Dio();\n\n  [...]\n\n  var customSignatureBodySigner = HashAlgorithmSignatureBodySigner(hmacAlgorithm: DartHmac.sha256());\n\n  // Instantiate interceptor.\n  final interceptor = RequestsSignatureInterceptor(\n    signatureOptions,\n    dio,\n    signatureBodySigner: customSignatureBodySigner\n  );\n\n  [...]\n}\n```\n\n## Changelog\n\nPlease consult the [CHANGELOG](CHANGELOG.md) for more information about version\nhistory.\n\n## License\n\nThis project is licensed under the Apache 2.0 license - see the\n[LICENSE](LICENSE) file for details.\n\n## Contributing\n\nPlease read [CONTRIBUTING.md](CONTRIBUTING.md) for details on the process for\ncontributing to this project.\n\nBe mindful of our [Code of Conduct](CODE_OF_CONDUCT.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnventive%2Frequestssignature-dart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnventive%2Frequestssignature-dart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnventive%2Frequestssignature-dart/lists"}