Closed flowcharterappowner closed 4 years ago
Hi @flowcharterappowner 👋
Are you doing signed requests to an S3 bucket? This is not something I've added support for so far, but I'm on it.
Hi arne,
Actually, I'm trying to do CRUD to the dynamodb service. The amazon docs confuse. They talk about some headers needing to be signed, and others not, and a lot of it refers to simpledb, which isn't even a thing anymore. I download their java sdk for low-level dynamo db access. I'm trying to reverse engineer how it packages and signs a request. Not easy. I think the easiest solution would be for you to try your library with dynamodb, and confirm it's ust me doing something stupid. Fingers crossed. Thanks for the response,
Ian
On Wed, Jan 8, 2020 at 8:25 PM Arne Molland notifications@github.com wrote:
Hi @flowcharterappowner https://github.com/flowcharterappowner 👋
Are you doing signed requests to an S3 bucket? This is not something I've added support for so far, but I'm on it.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/arnemolland/sigv4/issues/5?email_source=notifications&email_token=AMTBQVKFRJNFNRR7BMGMUETQ4WLYZA5CNFSM4KED26J2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEILXM3I#issuecomment-571962989, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMTBQVLKLHWWJWC332USVALQ4WLYZANCNFSM4KED26JQ .
I think the issue is that the header x-amz-content-sha256 is not included in the generated request headers.
Also, I notice postman does not add the Accept header in the Authorisation object.
I managed to verify that your code does create the correct signing keys, as shown on this page:
https://docs.amazonaws.cn/en_us/general/latest/gr/signature-v4-examples.html
It shows example parameters, and the expected values.
But when I compare my signature with the one that is generated by postman, it differs, and is rejected. AWS is happy with the postman signature.
So, perhaps the string to sign is slightly different to the one postman uses ? Unfortunately, postman shows the generated auth header, but not the inputs to its signing function.
I’ve made a patch that should fix this issue (#6)
I’m pushing to pub as soon as I’m getting hold of my PC👌
Wow, exciting news. In the end I came to the conclusion that the issue is with the 'string to sign' - the postman app must know how to format it, and the AWS docs are missing something. Anyway, looking fwd to trying your fix...
My flutter is up to date.
Because every version of flutter_test from sdk depends on crypto 2.1.3 and sigv4 >=3.1.1 depends on crypto ^2.1.4, flutter_test from sdk is incompatible with sigv4 >=3.1.1.
BTW- currently on the beta channel. I'll try switching to stable.
Moved my code out of test and removed flutter_test from yaml to remove the above error. Did you test your code with a non-null body ? I think it doesn't work.
A final comment on this issue... I believe your signing code works fine. So far, though, A had my WS always tells me that my signature does not match. This means the 'string to sign' must be mis-formatted in some way, but because you cannot unhash the signature it is impossible to see why.
Conclusion: After a week of banging my head against the wall, I will try using their API Gateway instead.
If you manage to get a POST example working with dynamodb, I'll be very happy to hear about it.
Many thanks.
Sorry I’ve been busy as of late. I’m adding some integration tests and will look further into the issue.
I have set up postman to exercise the dynamodb REST API. Works Great.
From dart, using your library, the generated signature gets rejected. It doesn't generate the content length header, but perhaps more significantly, postman generateds the x-amz-content-sha256 header.
Am I missing something ?