AuthHMAC is a Ruby library for HMAC based authentication of HTTP Requests. Will work in net/http, ActiveResource and Rails controllers.
HMAC authentication involves a client and server having a shared secret key. When sending the request the client, signs the request using the secret key. This involves building a canonical representation of the request and then generating a HMAC of the request using the secret. The generated HMAC is then sent as part of the request.
When the server receives the request it builds the same canonical representation and generates a HMAC using it's copy of the secret key, if the HMAC produced by the server matches the HMAC sent by the client, the server can be assured that the client also possesses the shared secret key.
HMAC based authentication also provides message integrity checking because it is based on a combination of the content and the shared secret of the request.
So if any part of the request that is used to build the canonical representation is modified by a malicious party or in transit the authentication will then fail.
AuthHMAC was built to support authentication between various applications build by Peerworks.
AuthHMAC is loosely based on the Amazon Web Services authentication scheme but without the Amazon specific components, i.e. it is HMAC for the rest of us.
HMAC Authentication is best used as authentication for communication between applications such as web services. It provides better security than HTTP Basic authentication without the need to set up SSL.
Of course if you need to protect the confidentiality of the data then you need SSL, but if you just want to authenticate requests without sending credentials in the clear AuthHMAC is a good choice.
NOTE: AuthMAC is licensed and provided under the terms of the MIT License.
What's New in This Release: [ read full changelog ]
· Fixed bug in headers on recent versions of Ruby.
Find us on Google+
Universal Binary 
