The Slack Signature Authentication module is a Python-based solution for Flask applications to be able to authenticate POST requests coming in from Slack. The module returns HTTP code 403 for those requests that fail Slack's signature validation. The module adds a decorator that can be used for Flask routes.
Added SLSA provenance checks to every release starting with v1.0.9
You will need to install slsa-verifier first
python -m pip download --only-binary=:all: flask-slacksigauth #Downloads flask_slacksigauth-1.0.9-py3-none-any.whl
curl --location -O https://github.com/eaescob/flask-slacksigauth/releases/download/v1.0.9/multiple.intoto.jsonl
slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/eaescob/flask-slacksigauth \
flask_slacksigauth-1.0.9-py3-none-any.whlCheck for - PASSED: Verified SLSA Provenance
After successful verification, package is safe to be installed.
pip install flask-slacksigauthAfter declaring your Flask API endpoints, you can decorate them to for authentication checks:
@app.route('/api', methods=['POST', 'GET'])
@slack_sig_auth
def api():
return jsonify(message='OK'), 200This will force slack signature authentication for you '/api' endoint.