Enhanced request signing with domain verification (v1.1) #220
Open
Implements cryptographic signing of OpenRTB requests that includes publisher domain verification and replay protection. The signed payload now includes:
- Key ID (kid)
- Request host
- Request scheme
- Request ID
- Unix timestamp

This prevents request tampering and domain spoofing by ensuring the signature is bound to the originating publisher domain.

Changes:
- Add version and ts fields to TrustedServerExt
- Add SigningParams struct and sign_request() method
- Update PrebidAuctionProvider to use enhanced signing
- Add comprehensive tests for payload construction and signing
ChristianPavilonis
requested changes
Feb 3, 2026
Collaborator
Pretty good, a couple of nitpicks.
Opening an issue on mocktioneer to verify new signature payload: stackpop/mocktioneer#30
Deployed test site with this (verification broken until mocktioneer updated), but the TS side is working.
| request_scheme, | ||
| timestamp: std::time::SystemTime::now() | ||
| .duration_since(std::time::UNIX_EPOCH) | ||
| .map(|d| d.as_secs()) |
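Review bot: the `duration_since(std::time::UNIX_EPOCH)` chain at the end of this hunk is still a `Result` after `.map(|d| d.as_secs())`, and how its error arm is handled is not visible here. Because `timestamp` goes into the signed payload, suggest propagating the error and failing the signing rather than substituting a default value, so a request is never signed with a timestamp that the verifier cannot use for freshness checks.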
Collaborator
Should use milliseconds to stay in line with the rest of the openrtb spec.
| let signature = signer.sign(id.as_bytes())?; | ||
| let params = SigningParams::new( | ||
| id.to_string(), | ||
| request_host.clone(), |
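Review bot: `id.to_string()` and `request_host.clone()` are passed to `SigningParams::new(` with no validation visible in this hunk, while the PR summary gives the signed payload as `kid:request_host:request_scheme:id:ts`. If any field can itself contain `:`, two different field tuples can serialize to the same signed bytes; suggest rejecting `:` in the fields before signing, or using a length-prefixed encoding, and covering that case in the payload construction tests.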
Collaborator
You don't have to clone here if you use params.request_host and params.request_scheme on lines 544-545
Summary
- kid:request_host:request_scheme:id:ts
- version ("1.1") and ts (Unix timestamp) fields to ext.trusted_server

This prevents request tampering and domain spoofing by ensuring the signature is cryptographically bound to the originating publisher domain.

Changes
- version and ts fields to TrustedServerExt
- SigningParams struct, SIGNING_VERSION constant, and sign_request() method
- PrebidAuctionProvider and enhance_openrtb_request to use enhanced signing

Output Format

{
  "ext": {
    "trusted_server": {
      "version": "1.1",
      "kid": "ts-2026-01-A",
      "request_host": "publisher.com",
      "request_scheme": "https",
      "ts": 1738527600,
      "signature": "base64-encoded-ed25519-signature"
    }
  }
}

Test plan
- cargo build --release)
- cargo clippy)
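The verifier-side checks implied by the summary above, as an added example that is not code from this PR or from the project: it rebuilds the `kid:request_host:request_scheme:id:ts` payload, binds it to the expected publisher host, and enforces freshness and replay protection. `SignedExt`, `Reject`, `check_request`, the 30-second window and the `sig_ok` callback (standing in for Ed25519 verification) are assumptions; `ts` is in seconds, as in the sample output.

```rust
use std::collections::HashMap;

/// Hypothetical mirror of the ext.trusted_server fields in the PR's output format.
pub struct SignedExt<'a> {
    pub kid: &'a str,
    pub request_host: &'a str,
    pub request_scheme: &'a str,
    pub ts: u64, // Unix seconds, as in the PR's sample output
}

#[derive(Debug, PartialEq)]
pub enum Reject { Delimiter, HostMismatch, Stale, BadSignature, Replayed }

/// Assumed policy (not from the PR): accept timestamps within +/- 30 seconds.
pub const MAX_SKEW_SECS: u64 = 30;

/// Rebuilds kid:request_host:request_scheme:id:ts. A ':' inside kid, scheme or id is
/// refused so that two different field tuples can never join to the same signed bytes.
pub fn canonical_payload(ext: &SignedExt, id: &str) -> Result<String, Reject> {
    if [ext.kid, ext.request_scheme, id].iter().any(|f| f.is_empty() || f.contains(':')) {
        return Err(Reject::Delimiter);
    }
    Ok(format!("{}:{}:{}:{}:{}", ext.kid, ext.request_host, ext.request_scheme, id, ext.ts))
}

/// sig_ok is a hypothetical callback standing in for Ed25519 verification under kid's key.
/// seen (request id -> ts) is written only after the signature verifies, so unsigned
/// traffic cannot fill the replay cache.
pub fn check_request(
    ext: &SignedExt, id: &str, expected_host: &str, now: u64,
    seen: &mut HashMap<String, u64>, sig_ok: impl Fn(&[u8]) -> bool,
) -> Result<(), Reject> {
    let payload = canonical_payload(ext, id)?;
    if !ext.request_host.eq_ignore_ascii_case(expected_host) { return Err(Reject::HostMismatch); }
    if now.abs_diff(ext.ts) > MAX_SKEW_SECS { return Err(Reject::Stale); }
    if !sig_ok(payload.as_bytes()) { return Err(Reject::BadSignature); }
    seen.retain(|_, ts| now.abs_diff(*ts) <= MAX_SKEW_SECS); // drop expired ids
    if seen.insert(id.to_string(), ext.ts).is_some() { return Err(Reject::Replayed); }
    Ok(())
}

fn main() {
    // Constructed sample values; the closure stands in for real signature verification.
    let ext = SignedExt { kid: "ts-2026-01-A", request_host: "publisher.com", request_scheme: "https", ts: 1738527600 };
    let mut seen = HashMap::new();
    let first = check_request(&ext, "req-1", "publisher.com", 1738527610, &mut seen, |_| true);
    let again = check_request(&ext, "req-1", "publisher.com", 1738527610, &mut seen, |_| true);
    println!("{:?} then {:?}", first, again);
}
```

If `ts` moves to milliseconds as requested in review, the skew constant and the clock passed as `now` have to change unit together.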