Closed ahmayun closed 3 months ago
Hi @ahmayun,
The signers in Botocore are not intended to be used in external code. They're an internal implementation detail and we don't generally support use cases like this. The current issue you're hitting is you're using the wrong signer. SigV4Auth
is for all non-S3 AWS services. S3 has its own variant of SigV4 that's implemented in S3SigV4Auth
.
We do have a project in very early phases of development in https://github.com/awslabs/aws-sdk-python-signers which is intended to be our longer term option for signing.
Thank you for the response @nateprewitt! I will check out the project you mentioned.
I admit my use case is a bit strange, I need to sign some arbitrary requests.
It works with the S3SigV4Auth
!
Describe the bug
In some instances there seems to be a difference between how botocore constructs the canonical request and how S3 constructs it. Specifically, botocore seems to normalize the request URI whereas the server does not.
When the code provided in the reproduction steps section is run, a
403: SignatureDoesNotMatch
response is received. I believe the issue is because the resource URI is different. The % signs in the url are escaped by the library but not by the server.Here is the canonical request constructed by the library:
This is the canonical request constructed by the server:
I got the canonical request being constructed by the library by adding a print statement under this line
Expected Behavior
The signatures should match.
Current Behavior
Signatures do not match
Reproduction Steps
Run the following code after adding your credentials, should be self contained:
Possible Solution
No response
Additional Information/Context
No response
SDK version used
python botocore library version: 1.34.133
Environment details (OS name and version, etc.)
Darwin 80a99729a79c 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:12:25 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6030 arm64