2
0
mirror of https://codeberg.org/kiss-community/repo synced 2025-01-06 18:00:10 -07:00
repo/core/curl/files/CURLOPT_AWS_SIGV4.3
2024-09-25 00:13:55 -05:00

96 lines
3.5 KiB
Groff

.\" generated by cd2nroff 0.1 from CURLOPT_AWS_SIGV4.md
.TH CURLOPT_AWS_SIGV4 3 "2024-09-25" libcurl
.SH NAME
CURLOPT_AWS_SIGV4 \- V4 signature
.SH SYNOPSIS
.nf
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param);
.fi
.SH DESCRIPTION
Provides AWS V4 signature authentication on HTTP(S) header.
Pass a char pointer that is the collection of specific arguments are used for
creating outgoing authentication headers. The format of the \fIparam\fP option
is:
.IP provider1[:provider2[:region[:service]]]
.IP "provider1, provider2"
The providers arguments are used for generating some authentication parameters
such as "Algorithm", "date", "request type" and "signed headers".
.IP region
The argument is a geographic area of a resources collection.
It is extracted from the hostname specified in the URL if omitted.
.IP service
The argument is a function provided by a cloud. It is extracted from the
hostname specified in the URL if omitted.
.PP
NOTE: This call set \fICURLOPT_HTTPAUTH(3)\fP to CURLAUTH_AWS_SIGV4. Calling
\fICURLOPT_HTTPAUTH(3)\fP with CURLAUTH_AWS_SIGV4 is the same as calling this with
\fB"aws:amz"\fP in parameter.
Example with "Test:Try", when curl uses the algorithm, it generates
\fB"TEST\-HMAC\-SHA256"\fP for "Algorithm", \fB"x\-try\-date"\fP and \fB"X\-Try\-Date"\fP
for "date", \fB"test4_request"\fP for "request type",
\fB"SignedHeaders=content\-type;host;x\-try\-date"\fP for "signed headers"
If you use just "test", instead of "test:try", test is used for every
generated string.
Setting \fICURLOPT_HTTPAUTH(3)\fP with the CURLAUTH_AWS_SIGV4 bit set is the same as
setting this option with a \fB"aws:amz"\fP parameter.
The application does not have to keep the string around after setting this
option.
Using this option multiple times makes the last set string override the
previous ones. Set it to NULL to disable its use again.
.SH DEFAULT
NULL
.SH PROTOCOLS
This functionality affects http only
.SH EXAMPLE
.nf
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL,
"https://service.region.example.com/uri");
curl_easy_setopt(curl, CURLOPT_AWS_SIGV4, "provider1:provider2");
/* service and region can also be set in CURLOPT_AWS_SIGV4 */
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/uri");
curl_easy_setopt(curl, CURLOPT_AWS_SIGV4,
"provider1:provider2:region:service");
curl_easy_setopt(curl, CURLOPT_USERPWD, "MY_ACCESS_KEY:MY_SECRET_KEY");
curl_easy_perform(curl);
}
}
.fi
.SH NOTES
This option overrides the other auth types you might have set in
\fICURLOPT_HTTPAUTH(3)\fP which should be highlighted as this makes this auth method
special. This method cannot be combined with other auth types.
A sha256 checksum of the request payload is used as input to the signature
calculation. For POST requests, this is a checksum of the provided
\fICURLOPT_POSTFIELDS(3)\fP. Otherwise, it is the checksum of an empty buffer. For
requests like PUT, you can provide your own checksum in an HTTP header named
\fBx\-provider2\-content\-sha256\fP.
For \fBaws:s3\fP, a \fBx\-amz\-content\-sha256\fP header is added to every request if
not already present. For s3 requests with unknown payload, this header takes
the special value "UNSIGNED\-PAYLOAD".
.SH AVAILABILITY
Added in curl 7.75.0
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH SEE ALSO
.BR CURLOPT_HEADEROPT (3),
.BR CURLOPT_HTTPAUTH (3),
.BR CURLOPT_HTTPHEADER (3),
.BR CURLOPT_PROXYAUTH (3)