This project allows you to use the python requests library with the hawk authentication mechanism.

Hawk itself does not provide any mechanism for obtaining or transmitting the set of shared credentials required, but this project proposes the following scheme (that we use accross mozilla services projects).

First, you'll need to install it:

pip install requests-hawk

Then, in your project, you can use it like that:

import requests
from requests_hawk import HawkAuth

hawk_auth = HawkAuth(
    hawk_session=resp.headers['hawk-session-token'],
    server_url=self.server_url
)
requests.post("/url", auth=hawk_auth)

Httpie is a tool which lets you do requests to a distant server in a nice and easy way. Under the hood, httpie uses the requests library. We've made it simple for you to plug hawk with it.

If you know the id and key, use it like that:

http POST localhost:5000/registration\
--auth-type=hawk --auth='id:key'

Or, if you want to use the hawk session token, you can do as follows:

http POST localhost:5000/registration\
--auth-type=hawk --auth='c0d8cd2ec579a3599bef60f060412f01f5dc46f90465f42b5c47467481315f51:'

Take care, don't forgot to add the extra : at the end of the hawk session token for it to be considered like so.

Okay, on to the actual details.

The server gives you a session token, that you'll need to derive to get the hawk credentials:

Do an HKDF derivation on the given session token. You’ll need to use the following parameters:

key_material = HKDF(hawk_session, “”, ‘identity.mozilla.com/picl/v1/sessionToken’, 32*2)

The key material you’ll get out of the HKDF need to be separated into two parts, the first 32 hex characters are the hawk id, and the next 32 ones are the hawk key:

credentials = {
    'id': keyMaterial[0:32]
    'key': keyMaterial[32:64]
    'algorithm': 'sha256'
}