Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support HMAC authorization schemes

See original GitHub issue

Hi RTK Team. First off, I’m a big fan of rtk, and excited for the direction this project is heading in. Thank you for your efforts!

Currently, prepareHeaders has this signature¹:

;(
  headers: Headers,
  api: {
    getState: () => unknown
    extra: unknown
    endpoint: string
    type: 'query' | 'mutation'
    forced: boolean | undefined
  }
) => Headers

Problem:

HMAC authorization schemes typically involve hashing the request method, path, query params, and body (among others) and adding the hash result as an authorization header².

Ideally, the mentioned values would be available to consumers within the prepareHeaders function

Proposal:

Add params to prepareHeaders at call time

config (https://github.com/reduxjs/redux-toolkit/blob/v1.8.1/packages/toolkit/src/query/fetchBaseQuery.ts#L197). This gives access to the request body and method
url (https://github.com/reduxjs/redux-toolkit/blob/v1.8.1/packages/toolkit/src/query/fetchBaseQuery.ts#L191). This allows parsing out host and/or path
params https://github.com/reduxjs/redux-toolkit/blob/v1.8.1/packages/toolkit/src/query/fetchBaseQuery.ts#L192. This allows parsing out query params

Issues

There isn’t an HMAC ‘spec’ that I’m aware of, so different implementations end up wanting different parts of the request details hashed. I think the above proposal covers the common implementation areas but its likely not 100%

References: