Mohawk is an alternate Python implementation of the
Hawk HTTP authorization scheme.
Hawk lets two parties securely communicate with each other using
messages signed by a shared key.
It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).
The Mohawk API is a little different from that of the Node library.
It was redesigned to be more intuitive to developers, less prone to security
problems, and more Pythonic.
Mohawk is a low level library that focuses on Hawk communication.
The following higher-level libraries integrate Mohawk
into specific web frameworks:
- Implement bewit. The bewit URI scheme is not implemented at this time.
- Support SNTP synchronization for local server time.
- Support auto-retrying a mohawk.Sender request with an offset if
there is timestamp skew.
- 0.2.1 (2014-03-03)
- Fixed Python 2 bug in how unicode was converted to bytes
when calculating a payload hash.
- 0.2.0 (2014-03-03)
- Added support for Python 3.3 or greater.
- Added support for Python 2.6 (this was just a test suite fix).
- Added six as dependency.
- mohawk.Sender.request_header and
mohawk.Receiver.response_header are now Unicode objects.
They will never contain non-ascii characters though.
- 0.1.0 (2014-02-19)
- Implemented optional content hashing per spec but in a less error prone way
- Added complete documentation
- 0.0.4 (2014-02-11)
- Bug fix: response processing now re-uses sender’s nonce and timestamp
per the Node Hawk lib
- No longer assume content-type: text/plain if content type is not
- 0.0.3 (2014-02-07)
- Bug fix: Macs were made using URL safe base64 encoding which differs
from the Node Hawk lib (it just uses regular base64)
- exposed localtime_in_seconds on TokenExpired exception
per Hawk spec
- better localtime offset and skew handling
- 0.0.2 (2014-02-06)
- Responding with a custom ext now works
- Protected app and dlg according to spec when accepting responses
- 0.0.1 (2014-02-05)
- initial release of partial implementation