Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 101 Commits
.github/workflows		.github/workflows
crates		crates
examples		examples
packages		packages
.gitignore		.gitignore
.prettierrc		.prettierrc
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
eslint.config.mjs		eslint.config.mjs
package-lock.json		package-lock.json
package.json		package.json

Repository files navigation

Web Bot Auth

Repository presenting authentication for orchestrated agents navigating the web.It implements all components required by Web Bot Authentication defined bydraft-meunier-web-bot-auth-architecture, and presentsexamples.

Tables of Content

Examples

Live deployment

Cloudflare Research provides a live environment athttp-message-signatures-example.research.cloudflare.com.

This deployment allows to test your implementation.

It validates the presence of aSignature header signedRFC9421 ed25519 test key,
It exposes a bot directory on/.well-known/http-message-signatures-directory,
It provides explanation about the protocol.

Signing

Example	Description
Browser extension	Adds a`Signature` on every outgoing request
Rust	Signs a hardcoded test request

Verifying

Example	Description
Cloudflare Workers	Verify RFC 9421`Signature` for every incoming request
Caddy Plugin	Verify RFC 9421`Signature` for every incoming request
Rust	Verify a sample test request

Development

This repository usesnpm andcargo workspaces. There are several packages which it provides:

Package	Language	Description
http-message-sig	TypeScript	HTTP Message Signatures as defined in RFC 9421
jsonwebkey-thumbprint	TypeScript	JWK Thumbprint as defined in RFC 7638
web-bot-auth	TypeScript	HTTP Message Signatures for Bots as defined in draft-meunier-web-bot-auth-architecture
web-bot-auth	Rust	HTTP Message Signatures for Bots as defined in draft-meunier-web-bot-auth-architecture
http-signature-directory	Rust	Validates whether an HTTP message signature directory is correctly signed and valid

Security Considerations

This software has not been audited. Please use at your sole discretion.

License

This project is under the Apache 2.0 license.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be Apache 2.0 licensed as above, without any additional terms or conditions.