Skip to content

Latest commit

 

History

History

python

Folders and files

NameName
Last commit message
Last commit date

parent directory

..

examples

examples

 
 

tests

tests

 
 

truelayer_signing

truelayer_signing

 
 

.flake8

.flake8

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE-APACHE

LICENSE-APACHE

 
 

LICENSE-MIT

LICENSE-MIT

 
 

README.md

README.md

 
 

mypy.ini

mypy.ini

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

README.md

truelayer-signing

Python package to produce & verify TrueLayer API requests signatures.

Install

pip install truelayer-signing

Generating a signature

tl_signature = sign_with_pem(KID, PRIVATE_KEY) \
    .set_method(HttpMethod.POST) \
    .set_path(path) \
    .add_header("Idempotency-Key", idempotency_key) \
    .set_body(body) \
    .sign()

See full example.

Verifying webhooks

The verify_with_jwks function may be used to verify webhook Tl-Signature header signatures.

# `jku` field is included in webhook signatures
jws_header = extract_jws_header(webhook_signature).jku

# check `jku` is an allowed TrueLayer url & fetch jwks JSON (not provided by this lib)
ensure_jku_allowed(jku)
jwks = fetch_jwks(jku)

# jwks may be used directly to verify a signature
verify_with_jwks(jwks, jws_header) \
    .set_method(HttpMethod.POST) \
    .set_path(path) \
    .add_headers(headers) \
    .set_body(body) \
    .verify(tl_signature)

See webhook server example.