A signed URL grants time-limited access to a protected resource.
Mint one, follow it, then tamper with it and watch verification fail.
pysigned supports symmetric key (HMAC) or asymmetric (ED25519)
(as we use here) in cases where you want to allow distributed signature verification
but not creation.
Want a quick and easy package to make signed urls in Python? Take a look
at the pysigned docs.
GET /signed
Ask the server for a freshly signed URL to a random resource.
GET /samples/{resource}
Follow the signed URL to fetch the protected resource. The dependency
verifies the sig and exp params before the
handler runs.
Verify it yourself
Want to check a signature on your own? Download the ED25519 public
keys from /jwks.json, or just run:
from pysigned import KeySet, URLAuth
keys = KeySet.from_url("https://try.pysigned.org/jwks.json")
v = URLAuth(keys)
v.verify("url from panel goes here")