aws-amplify / amplify-flutter

A declarative library with an easy-to-use interface for building Flutter applications on AWS.
https://docs.amplify.aws
Apache License 2.0
1.31k stars 242 forks

[signature v4] api working on chrome but giving error on firefox #2257

Closed viJay-beep-code closed 1 year ago

viJay-beep-code commented 1 year ago

Description

I am using the 'aws_signature_v4' plugin with the following code to connect to an AWS REST API using IAM authentication. It's working fine on Google Chrome but giving errors in Firefox.

import 'dart:convert';

import 'package:aws_signature_v4/aws_signature_v4.dart';

// `payload` is the JSON-encodable request data, defined elsewhere in the app.
const signer = AWSSigV4Signer();
final scope = AWSCredentialScope(
  region: 'ap-south-1',
  service: AWSService.apiGatewayManagementApi,
);
final request = AWSHttpRequest(
  method: AWSHttpMethod.post,
  uri: Uri.https('<URL>', 'PATH'),
  headers: const {
    AWSHeaders.contentType: 'application/json;charset=utf-8',
  },
  // The request body is passed as a list of bytes.
  body: json.encode(payload).codeUnits,
);

// Sign and send the HTTP request
final signedRequest = await signer.sign(
  request,
  credentialScope: scope,
);

final resp = await signedRequest.send();

Error:

{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
<PATH>
content-type:application/json;charset=utf-8
host: <URL>
x-amz-content-sha256: <Key>
x-amz-date:20221017T065918Z
x-amz-user-agent:aws-sigv4-dart/0.2.2

content-type;host;x-amz-content-sha256;x-amz-date;x-amz-user-agent
<Key-1>

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20221017T065918Z
20221017/ap-south-1/execute-api/aws4_request
<Key-2>
"
}

Categories

Steps to Reproduce

No response

Screenshots

No response

Platforms

Android Device/Emulator API Level

No response

Environment

[✓] Flutter (Channel stable, 3.3.0, on macOS 12.3 21E230 darwin-x64, locale
    en-GB)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0)
[✓] Xcode - develop for iOS and macOS (Xcode 13.3)
[✓] Chrome - develop for the web
[✓] Android Studio (version 2021.3)
[✓] VS Code (version 1.71.2)
[✓] Connected device (2 available)
[✓] HTTP Host Availability

Dependencies

.

Device

MacBook

OS

macOS 12.3

Deployment Method

Amplify CLI + Custom Pipeline

CLI Version

No response

Additional Context

No response

Amplify Config

{}

dnys1 commented 1 year ago

Hi @viJay-beep-code - I'm working on reproducing this issue. I don't see anything out of the ordinary - is your JSON payload only ASCII characters? Could you try with utf8.encode(json.encode(payload)) if not?

viJay-beep-code commented 1 year ago

Hello @dnys1, thanks for your time. My current payload is only ASCII. I also tried your suggestion of using utf8.encode(json.encode(payload)), but the result is the same error.

Here is the curl request from firefox browser

curl 'https://<.....>' \
  -X POST \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.5' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'Referer: http://localhost:55804/' \
  -H 'Content-Type: application/json;charset=utf-8' \
  -H 'X-Amz-Date: 20221019T095205Z' \
  -H 'X-Amz-Content-Sha256: {.....}' \
  -H 'X-Amz-User-Agent: aws-sigv4-dart/0.2.2' \
  -H 'Authorization: AWS4-HMAC-SHA256 Credential={......}, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-user-agent, Signature={....}' \
  -H 'Origin: http://localhost:55804' \
  -H 'Connection: keep-alive' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'TE: trailers' \
  --data-raw '[object ReadableStream]'

And here is the response header

HTTP/2 403 Forbidden
content-type: application/json
content-length: 843
date: Wed, 19 Oct 2022 09:52:06 GMT
x-amzn-requestid: e265d020-53c8-48e1-a4f5-652b99a4c9c3
access-control-allow-origin: *
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-SHA256,X-Amz-User-Agent
x-amzn-errortype: InvalidSignatureException
x-amz-apigw-id: {......}
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-cache: Error from cloudfront
via: 1.1 e44070691669fda7111d97fca7fa71ea.cloudfront.net (CloudFront)
x-amz-cf-pop: DEL51-P3
x-amz-cf-id: {.......}

dnys1 commented 1 year ago

Thank you for the additional info. Can I ask which version of Firefox you're using?

viJay-beep-code commented 1 year ago

Version is 105 (must be the latest). I installed it a few days back, with no add-ons.

dnys1 commented 1 year ago

Thank you. In your curl request, I see --data-raw '[object ReadableStream]' but this is obviously not correct - can you confirm that in Firefox, the actual bytes are being sent in the request body?
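
Added example, not part of the thread or of the amplify-flutter code: the check asked for above, written as a stand-alone Python script that compares the SHA-256 of the body bytes with the signed `x-amz-content-sha256` header and rebuilds the canonical request and string-to-sign in the layout the 403 error prints. The secret, host, path and JSON body are constructed sample values, and it assumes the service hashes the body it actually received.

```python
import hashlib
import hmac
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical_request(method: str, path: str, query: str, headers: dict, body: bytes) -> str:
    """SigV4 canonical request, in the layout the 403 error body prints."""
    norm = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    names = sorted(norm)
    canon_headers = "".join(f"{n}:{norm[n]}\n" for n in names)
    return "\n".join([method, path, query, canon_headers, ";".join(names), sha256_hex(body)])

def string_to_sign(amz_date: str, region: str, service: str, creq: str) -> str:
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    return "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, sha256_hex(creq.encode())])

def signature(secret: str, amz_date: str, region: str, service: str, sts: str) -> str:
    key = ("AWS4" + secret).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, sts.encode(), hashlib.sha256).hexdigest()

def body_matches_declared_hash(headers: dict, wire_body: bytes) -> bool:
    """True when the bytes on the wire are the bytes the client hashed and signed."""
    declared = {k.lower(): v for k, v in headers.items()}.get("x-amz-content-sha256", "")
    return hmac.compare_digest(declared, sha256_hex(wire_body))

def sign(headers: dict, body: bytes) -> str:
    creq = canonical_request("POST", PATH, "", headers, body)
    return signature(SECRET, AMZ_DATE, REGION, SERVICE, string_to_sign(AMZ_DATE, REGION, SERVICE, creq))

# Constructed sample values: the thread redacts the real host, path, key and hashes.
SECRET, REGION, SERVICE = "EXAMPLE-SECRET-NOT-REAL", "ap-south-1", "execute-api"
AMZ_DATE, PATH = "20221017T065918Z", "/prod/items"
SIGNED_BODY = json.dumps({"name": "john"}).encode("utf-8")  # bytes the client signed
WIRE_BODY = b"[object ReadableStream]"  # body text shown in the Firefox curl export
HEADERS = {
    "Content-Type": "application/json;charset=utf-8",
    "Host": "api.example.invalid",
    "X-Amz-Content-Sha256": sha256_hex(SIGNED_BODY),
    "X-Amz-Date": AMZ_DATE,
    "X-Amz-User-Agent": "aws-sigv4-dart/0.2.2",
}

if __name__ == "__main__":
    print("wire body matches signed hash:", body_matches_declared_hash(HEADERS, WIRE_BODY))
    print("signatures agree:", sign(HEADERS, SIGNED_BODY) == sign(HEADERS, WIRE_BODY))
```

If the body that leaves the browser differs from the bytes that were hashed at signing time, the last line of the canonical request changes and every value derived from it, including the final signature, no longer matches.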

viJay-beep-code commented 1 year ago

This is the sample json payload that I am sending in the request body

{
   "data":[
      {
         "id":"String",
         "number":"String",
         "name":"john"
      },
      ........
   ],
   "id":"String",
   "org":"String",
   "object":"String",
   "name":"String",
   "source": int
  ........
}

How do I check for the bytes in the browser? The plugin accepts body type as List. And under the browser's network tab it is visible this way only, not as the actual JSON data. Here is the curl from Chrome, where the body shows as --compressed, but it's working fine.

curl 'https://<.....>' \
  -X 'POST' \
  -H 'authority: ......amazonaws.com' \
  -H 'accept: */*' \
  -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'authorization: AWS4-HMAC-SHA256 Credential={........}, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-user-agent, Signature={........}' \
  -H 'content-type: application/json;charset=utf-8' \
  -H 'origin: .........' \
  -H 'referer: ...........' \
  -H 'sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
  -H 'x-amz-content-sha256: {.........}' \
  -H 'x-amz-date: 20221020T044004Z' \
  -H 'x-amz-user-agent: aws-sigv4-dart/0.2.2' \
  --compressed

dnys1 commented 1 year ago

Thank you for the additional information, @viJay-beep-code. I will do some more investigation on my end.

dnys1 commented 1 year ago

Hi @viJay-beep-code, I apologize for the delayed response on this issue. Are you still facing this issue? I have tried several different ways, but haven't been able to reproduce it yet.

dnys1 commented 1 year ago

Closing for now. Please reopen if you continue to face this issue.