This software provides HMAC-based authentication for HTTP, offering a secure method for verifying the authenticity of requests to a server.
The generated HMAC is then transmitted as part of the request. When the server receives this request, it too must build the same canonical representation and generate its own HMAC using its copy of the secret key. If the HMAC matches the HMAC sent by the client, the server can be assured that the client has the shared secret key. This type of authentication ensures message integrity because it combines the content and the shared secret of the request.
AuthHMAC was developed by Peerworks for authentication between various Peerworks applications. Although loosely based on the Amazon Web Services authentication scheme, AuthHMAC accepts other applications without Amazon specific components. HMAC Authentication is best used for communication between applications such as web services because it provides better security than HTTP Basic authentication without the need to set up SSL.
Of course, SSL is necessary if you need to protect the confidentiality of the data; otherwise, AuthHMAC is an effective choice that can authenticate requests during transit without sending credentials in the clear. It's important to note that AuthMAC is licensed and provided under the terms of the MIT License.
Version 1.1.0: N/A