Skip to content

HMAC auth check #28266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
frederickobrien wants to merge 1 commit into from
Closed

HMAC auth check #28266

frederickobrien wants to merge 1 commit into from

Conversation

@frederickobrien
Copy link
Contributor

@frederickobrien frederickobrien commented Oct 2, 2025
edited
Loading

This adds a HMAC auth check to the preview project. This is part of work on a live harness service for interactive atom development. We've added awsSecretsManager and panDomainHMAC as dependencies and added a HMAC fork in GuardianAuthWithExceptions that validates HMAC requests.

We want to be able to hit preview and this allows us to do so in a way that's consistent with existing auth checks.

@frederickobrien frederickobrien self-assigned this Oct 2, 2025
@frederickobrien frederickobrien added this to the Visuals milestone Oct 2, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2025
edited
Loading

Deploy build 5520 of dotcom:frontend-all to CODE

All deployment options

From guardian/actions-riff-raff.

@groakland groakland added the feature Departmental tracking: work on a new feature label Oct 3, 2025
@frederickobrien @jonathonherbert
HMAC auth check
37ec527 
Co-Authored-By: Jonathon Herbert <[email protected]>
@frederickobrien frederickobrien marked this pull request as ready for review October 9, 2025 10:05
@frederickobrien frederickobrien requested a review from a team as a code owner October 9, 2025 10:05
@frederickobrien
Copy link
Contributor Author

frederickobrien commented Oct 17, 2025

Following a chat with @JamieB-gu and @arelra a few open questions:

  • Does this need to be applied as widely as it currently is? Can it be limited to the Preview project?
  • Is the body of the HMAC request secure enough, can it be encrypted too?

Also plan to have a chat with @rtyley to better understand how HMAC sits in panda auth checks.

@frederickobrien
Copy link
Contributor Author

frederickobrien commented Oct 29, 2025

Closing as we've opted for a different approach (#28328).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@frederickobrien frederickobrien

Labels

feature Departmental tracking: work on a new feature

Projects

None yet

Milestone

Visuals

Development

Successfully merging this pull request may close these issues.

3 participants

@frederickobrien @groakland