On 2014-09-25, 7:41 AM, Stefan Arentz wrote:
This is tough to debug with just seeing the Hawk header.
I’ve been through this myself recently when I worked on
https://github.com/st3fan/moz-storageserver, which has a (server-side)
Hawk implementation too.
For me the most useful thing was to have good unit tests. The Hawk spec
at https://github.com/hueniverse/hawk shows some example encoded
requests and you can use those requests and resulting content hashes and
request MACs in your test.
Make sure to test both GET and POST or PUT requests. With a GET the
content hash is missing while it is included with requests that have a body.
Make sure the content-type in the Hawk content hash matches the content
type of your actual request.
Further to Stefan's great answer, you should also make your test suite
match the test vectors at
https://github.com/mozilla-services/android-sync/blob/develop/src/test/java/org/mozilla/gecko/sync/net/test/TestHawkAuthHeaderProvider.java
Nick
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
