search

jonsaw / amazon-cognito-identity-dart

Unofficial Amazon Cognito Identity Provider Dart SDK, to easily add user sign-up and sign-in to your mobile and web apps with AWS.
MIT License
205 stars 93 forks source link

The request signature we calculated does not match the signature you provided. #35

Closed BerndWessels closed 5 years ago

BerndWessels commented 5 years ago

When I am using GET the request succeeds.

But when I use POST I get this error response

The request signature we calculated does not match the signature you provided. ...

Is there a problem with POST and signing for API Gateway ?

BerndWessels commented 5 years ago

Whoa, I found it

I got that error response from AWS

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'
POST
/default/flutter
tracking=x123
accept:application/json
content-type:application/json; charset=utf-8
...

and I debugged sig_v4.dart and logged the canonicalRequest in buildCanonicalRequest:

POST
/default/flutter
tracking=x123
accept:application/json
content-type:application/json

So basically AWS expects content-type:application/json; charset=utf-8 but the plugin only provides content-type:application/json.

To fix this I changed in sig_v4.dart from const _default_content_type = 'application/json'; to const _default_content_type = 'application/json; charset=utf-8'; and that makes POST work.

@jonsaw Do you want to review this? I can create a PR or you just fix it?

jonsaw commented 5 years ago

Thanks for the PR @BerndWessels . Content-Type varies from API implementations in AWS services. I think the best way, for now, is to overwrite your own Content-Type when calculating the Signature.

KhuramKhalid commented 5 years ago

Hi @BerndWessels I'm getting the same error when using POST with DynamoDB. However, I do not see the detailed error message. How did you get the detailed message which explains the error in signatures? All I see in response is "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.".

Below is my code.

final userPool = new CognitoUserPool(USER_POOL_ID, APP_CLIENT_ID,
          storage: customStore);

final user = await userPool.getCurrentUser();

final session = await user.getSession();

final credentials = CognitoCredentials(IDENTITY_POOL_ID, userPool);

await credentials.getAwsCredentials(session.getIdToken().getJwtToken());

String identityId = await CognitoIdentityId(IDENTITY_POOL_ID, userPool)
          .getIdentityId(session.getIdToken().getJwtToken());

final awsSigV4Client = new AwsSigV4Client(
          credentials.accessKeyId,
          credentials.secretAccessKey,
          'https://dynamodb.$AWS_REGION.amazonaws.com',
          serviceName: 'dynamodb',
          sessionToken: credentials.sessionToken,
          region: AWS_REGION);

final signedRequest = new SigV4Request(awsSigV4Client,
          method: 'POST',
          path: '',
          headers: new Map<String, String>.from({
            'X-Amz-Target': 'DynamoDB_20120810.PutItem',
            'Host': 'dynamodb.$AWS_REGION.amazonaws.com'
          }),
          body: new Map<String, dynamic>.from({
            'TableName': 'watch_later',
            'Item': asset.toDynamoJson(identityId)
          }));
BerndWessels commented 5 years ago

@KhuramKhalid hi, maybe I got lucky that API Gateway returns the more detailed error response - I just got it from the exception thrown.

If you get completely stuck I suggest creating a Amplify Web Project and inspect the network traffic for the same AWS calls - this should help figuring out what the difference between your flutter request and a working request from a webclient is (in the end they must be the same).

KhuramKhalid commented 5 years ago

Turns out the issue was with the http client. Instead I used the raw HttpClient from the same package (http.dart) and it worked. Below is what I changed.

Instead of this:

response = await http.post(signedRequest.url,
            headers: signedRequest.headers, body: signedRequest.body);

I did this:

HttpClient client = new HttpClient();

        client.postUrl(Uri.parse(signedRequest.url))
            .then((HttpClientRequest request) {

          signedRequest.headers.forEach((headerName, headerValue) {
            request.headers.add(headerName, headerValue);
          });

          request.write(signedRequest.body);

          return request.close();

        });