Module name & Sandbox page: Hawk Auth

Hawk authentication is a module which provides Hawk protocol integration for Drupal 8. It's an alternative to OAuth based authentication and can be useful since it's simpler to handle.

Currently Hawk doesn't have any clients for testing purposes, one needs to write a script (for example with cURL) in order to be able to test it. I tested it with Drupal's REST module since that's where my primary focus was.

Clone repository

git clone --branch 8.x-1.x hawk_auth
cd hawk_auth

Manual reviews of other projects


Dragooon’s picture

Issue summary: View changes
Dragooon’s picture

Issue summary: View changes
Dragooon’s picture

Issue summary: View changes
PA robot’s picture

Status: Needs review » Needs work

Git clone failed for while invoking

Git clone failed. Aborting.

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Dragooon’s picture

Status: Needs work » Needs review

I have fixed most of the code sniffer problems, but get_t doesn't exist in Drupal 8. And I don't know why the git clone is failing for the bot, any ideas?

Dragooon’s picture

Issue summary: View changes
Issue tags: +PAReview: review bonus
Dragooon’s picture

Issue summary: View changes
edxxu’s picture

I just did a hello world test in local computer following hawk_auth/examples/example.php. I am using drupal 8.0.0-beta11. The following 2 comments are test results.

conclusion: i have to add "Accept: application/json" header to get the proper result.

edxxu’s picture

Request url: http://localhost/node/1?_format=json

Method: GET

Request header:
Authorization: Hawk id="1", ts="1435638235", nonce="GdZhKf7qh1bSdG1zm4LcscUCTahoJjxQ", mac="fEN3SWECgeKTiSNkF0B+5+EtG3d6MTc5gI4vv1OFfoo="

Response status code: 403

Response header:
Cache-Control → must-revalidate, no-cache, post-check=0, pre-check=0, private
Connection → keep-alive
Content-Encoding → gzip
Content-Type → text/html; charset=UTF-8
Content-language → en
Date → Tue, 30 Jun 2015 04:24:53 GMT
Expires → Sun, 19 Nov 1978 05:00:00 GMT
Server → nginx/1.4.6 (Ubuntu)
Transfer-Encoding → chunked
X-Content-Type-Options → nosniff
X-Drupal-Cache-Contexts → languages:language_interface route.menu_active_trails:account route.menu_active_trails:footer route.menu_active_trails:main route.menu_active_trails:tools theme user.permissions user.roles:authenticated
X-Drupal-Cache-Tags → 4xx-response block_view config:block.block.bartik_account_menu config:block.block.bartik_breadcrumbs config:block.block.bartik_content config:block.block.bartik_footer config:block.block.bartik_login config:block.block.bartik_main_menu config:block.block.bartik_messages config:block.block.bartik_powered config:block.block.bartik_tools config:block_list config:user.role.anonymous node:1 rendered
X-Generator → Drupal 8 (
X-Powered-By → PHP/5.5.9-1ubuntu4.9
X-UA-Compatible → IE=edge

edxxu’s picture

Request url: http://localhost/node/1

Method: GET

Request header:
Authorization: Hawk id="1", ts="1435638235", nonce="GdZhKf7qh1bSdG1zm4LcscUCTahoJjxQ", mac="fEN3SWECgeKTiSNkF0B+5+EtG3d6MTc5gI4vv1OFfoo="
Accept: application/json

Response status code: 200

Dragooon’s picture

I'll add some more documentation on how to create requests, Accept: application/json is valid until beta 11 but in Git HEAD it was changed to follow _format=json in URL for content negotiations (see:

edxxu’s picture

I tested Hawk Auth module with Drupal 8.0.0-beta12 today. Use query parameter '_format=json' instead of header 'Accept: application/json' can get the proper result.

skyredwang’s picture

This is a GSoC 2015 project. Additional documentation can be found at: Especially, this tutorial is good intro for developers new to Hawk Auth.

I have reviewed the work in this module as well as the dependent php library as part of the midterm evaluation for GSoC. This module is at a good start point to become a useful addon to D8. The second half of this GSoC project will make this module more complete. But, the current version of this module is already working, therefore I'd +1 to give @Dragooon full-project-access .

skyredwang’s picture

Status: Needs review » Reviewed & tested by the community
mpdonadio’s picture

Assigned: Unassigned » mpdonadio

I will try to look at this tonight or tomorrow.

mpdonadio’s picture

Assigned: mpdonadio » klausi

Automated Review

Review of the 8.x-1.x branch (commit cc9c768):

  • Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
    FILE: /Users/matt/PAR/pareview_temp/hawk_auth.install
     15 | WARNING | Only string literals should be passed to t() where
        |         | possible
    Time: 547ms; Memory: 6.5Mb
  • No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

Manual Review

Individual user account
Yes: Follows the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
[Yes: Follows / No: Does not follow] the guidelines for master branch.
Not sure if it follows the licensing requirements? The packaging script is going to add the GPLv2 license which will trump the license statement in the README>, but the composer.json mentions MIT?
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
Yes: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
Yes: Meets the security requirements.
Coding style & Drupal API usage
Try to avoid breaking strings sent to t() across multiple lines (eg, hawk_auth_help).

The .gitignore shouldn't be in the repo; add these to your global git settings. See

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

Nothing jumped out at me this this one, but I would like @klausi to weigh in on the licensing (I think MIT needs to be explictly dropped), and also get his eyes on this from a Drupal 8 security perspective.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

cweagans’s picture

Status: Reviewed & tested by the community » Needs work

The licensing bit is a blocker. Please change the license in your composer.json to GPL2+ and remove the license statement from the Readme. The packaging system will handle adding a license file to the download on your behalf.

When this is done, ping me directly via my contact form and I will come back and approve this application.

Dragooon’s picture

Status: Needs work » Needs review

I've changed the license, thanks!

cweagans’s picture

Status: Needs review » Fixed

Thanks for your contribution!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.