add http message creation detail & images #383
Conversation
|
✅ Deploy Preview for openpayments-preview ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
The Content-Digest header is not standard but part of the signature headers. I also believe that the Date header is not standard. We never use it.
I think we should also add the Authorization header.
There was a problem hiding this comment.
- Updated header:
- removed
Content-DigestandDate - added
Authorization
- Replaced the diagram with a codeblock titled 'Example: message before signature'.
There was a problem hiding this comment.
Date is not part of it. I also cannot find it in the docs.
Also, the first line (POST ...), that is split into @method and @target-uri. The HTTP version is irrelevant. I think @method is missing from your list.
And again, I'd add the Authorization header.
"content-digest" "content-length" "content-type" are also part of the signature params.
I think it's confusing to use creation_time, signing_algorithm, and key_id instead of created, alg, and keyid respectively.
There was a problem hiding this comment.
- Replaced image with codeblock Example: signature base.
- Removed Date from header
- Removed HTTP version
- Included Authorization header
- Added to signature params: @method;
content-digest,content-length, andcontent-type - Renamed signature params:
creation_time,signing_algorithm, andkey_id
There was a problem hiding this comment.
The content headers are missing. Drop date but add authorization.
There was a problem hiding this comment.
- Replaced image with codeblock Example: signature base
- Removed Date from header
- Included Authorization header
| :::caution | ||
| This section is WIP | ||
| ::: | ||
| The [RFC8032](https://www.rfc-editor.org/rfc/rfc8032) specification permits the use of different components of an HTTP message to generate a uniquely labelled message signature. There can be multiple signatures within each HTTP message, each one generated using a different signature algorithm. |
There was a problem hiding this comment.
Should we link that spec or the part about signatures in the GNAP spec?
There was a problem hiding this comment.
Update: image is now created in light mode with solid white background.
|
If possible, please change the font used in the images. Code examples should use a monospace font (Starlight uses a system monospace font by default). For "regular" text and diagrams we should use a sans-serif font that is easier to read and doesn't look handwritten (Starlight uses a system sans-serif font by default). I believe Mermaid uses Trebuchet for its sequence diagrams, but it's not my favorite. Regular Arial would work. |
There was a problem hiding this comment.
Could this image be replaced w/ the code block component and a title? https://interledger.tech/shared/codeblock/
There was a problem hiding this comment.
Yes indeed.
Replaced the diagram with a codeblock titled 'Example: message before signature'.
There was a problem hiding this comment.
Could this image also be replaced w/ code block and title? https://interledger.tech/shared/codeblock/
Edit: Maybe not. I see now there's a light gray arrow and text referencing a line in the code.
There was a problem hiding this comment.
I think you're right. I replaced the image with the Example: signature base codeblock, and then used accompanying text to add detail.
|
Related #321 |
(1) added a reference to the GNAP spec (2) removed all but 1 diagram, in favour of using code blocks (3) corrected the original HTTP message header to exclude a Date, and to include Authorization (4) updated the signature params to include: Authorization; "content-digest" "content-length" "content-type"
…nto mt-http-sig-creation
…yments into mt-http-sig-creation
Cool and noted, thanks for the thoughtful points @melissahenderson. |
Thanks @sabineschaller - image updated to work with white or black backgrounds. |
|
|
||
| ### Signed HTTP Message | ||
|
|
||
| The original message gets signed by adding uniqeuly labelled signature headers to the original message: `Signature-Input` and `Signature`. |
There was a problem hiding this comment.
There's a typo here :) "uniqeuly"
| ::: | ||
|
|
||
| ## Use the HTTP signature Lambda function | ||
| {/* prettier-ignore */} |
There was a problem hiding this comment.
If everything from here down is no longer necessary, it can be deleted.
|
|
||
| </CodeBlock> | ||
|
|
||
| :::note |
There was a problem hiding this comment.
When I look at this note in the preview, there's a line break between the two sentences. Can you either add a space between the lines or include them together in a single paragraph? Minor thing, I know.
Updates to this doc have been in progress for a while (see #383 ). For the sake of simplicity, I've taken the changes and am merging them using this PR instead of the original.
Updates to this doc have been in progress for a while (see #383 ). For the sake of simplicity, I've taken the changes and am merging them using this PR instead of the original.
|
Updates merged with #424 |
Changes proposed in this pull request
Describes the HTTP signature creation process, including diagrams.
Context
Explains, in fairly simple terms, how the OpenPaymets API has implemented part of the HTTP message signatures draft spec.