aws / amazon-neptune-gremlin-dotnet-sigv4

A custom library for Amazon Neptune that enables AWS Signature Version 4 signing by extending the Apache TinkerPop Gremlin .NET client.
Apache License 2.0

Session token is missing from signed request headers #1

Open kyo-jin opened 2 years ago

kyo-jin commented 2 years ago

The session token is missing from the call to Sign(), which causes authentication to fail when using temporary IAM credentials (e.g. using SSO to get temporary credentials).

https://github.com/aws/amazon-neptune-gremlin-dotnet-sigv4/blob/7a903ac0e28df2e1e6520add3197f3429c3a3693/src/SigV4RequestSigner.cs#L81-L87

Since Sign() does set the session token if one is provided, the fix should be straightforward:

```csharp
var signedrequest = this.Sign(request, "neptune-db", _region, _token);
return new Action<ClientWebSocketOptions>(options => {
    options.SetRequestHeader("host", neptune_endpoint);
    options.SetRequestHeader("x-amz-date", signedrequest.Headers.GetValues("x-amz-date").FirstOrDefault());
    // GetValues throws if the header is absent, so copy the token only when Sign() added it.
    if (signedrequest.Headers.TryGetValues("x-amz-security-token", out var securityToken))
        options.SetRequestHeader("x-amz-security-token", securityToken.FirstOrDefault());
    options.SetRequestHeader("Authorization", signedrequest.Headers.GetValues("Authorization").FirstOrDefault());
});
```

Mostafa-Armandi commented 6 months ago

This change resolved my issue. Otherwise, I would keep getting the following error while contacting the Neptune endpoint:

The server returned status code '403' when status code '101' was expected.

This PR #2 should be reopened and merged for sure.
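
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the issue or of the library's code: it verifies that a signed request carries `x-amz-security-token` whenever temporary credentials are in use, so the problem surfaces as a specific error instead of a bare 403 on the WebSocket handshake. `SigV4HandshakeCheck`, `HandshakeHeaders`, the endpoint, key ID, token and signature values are all hypothetical or constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;

// Added example, not the library's code: SigV4HandshakeCheck and its members are hypothetical names.
public static class SigV4HandshakeCheck
{
    private const string TokenHeader = "x-amz-security-token";
    private static readonly string[] AlwaysRequired = { "x-amz-date", "Authorization" };

    // Returns the headers to copy onto the WebSocket handshake. Throws a specific
    // error when temporary credentials are in use but the signer dropped the token.
    public static Dictionary<string, string> HandshakeHeaders(
        HttpRequestMessage signed, string accessKeyId, string sessionToken)
    {
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var name in AlwaysRequired)
        {
            if (!signed.Headers.TryGetValues(name, out var values))
                throw new InvalidOperationException($"Signed request has no {name} header.");
            headers[name] = values.First();
        }
        // STS-issued (temporary) access key IDs carry the "ASIA" prefix.
        bool temporary = !string.IsNullOrEmpty(sessionToken)
            || accessKeyId.StartsWith("ASIA", StringComparison.Ordinal);
        bool hasToken = signed.Headers.TryGetValues(TokenHeader, out var token);
        if (temporary && !hasToken)
            throw new InvalidOperationException(
                $"Temporary credentials in use but {TokenHeader} is absent from the signed request.");
        if (hasToken) headers[TokenHeader] = token.First();
        return headers;
    }

    public static void Main()
    {
        // Constructed sample: placeholder endpoint, key ID and signature, not real credentials.
        var signed = new HttpRequestMessage(HttpMethod.Get, "http://neptune.example:8182/gremlin");
        signed.Headers.Add("x-amz-date", "20240101T000000Z");
        signed.Headers.TryAddWithoutValidation("Authorization",
            "AWS4-HMAC-SHA256 Credential=ASIAEXAMPLE/20240101/us-east-1/neptune-db/aws4_request, Signature=0000");
        try { HandshakeHeaders(signed, "ASIAEXAMPLE", "constructed-token"); }
        catch (InvalidOperationException e) { Console.WriteLine("rejected: " + e.Message); }

        signed.Headers.Add(TokenHeader, "constructed-token");
        var ok = HandshakeHeaders(signed, "ASIAEXAMPLE", "constructed-token");
        Console.WriteLine("accepted: " + string.Join(", ", ok.Keys));
    }
}
```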