Rest API calls give 401 Unauthorized in response since Magento 2.4.6

[jorgb90]

Preconditions and environment

• Magento 2.4.6

Steps to reproduce

1. Create a product with a SKU with special characters, for example a forward slash.
2. Try to PUT or GET its stock or info through the REST API, see more info below in the comments.

Expected result

Working REST API.

Actual result

[Error message: 401 Unauthorized: The signature is invalid. Verify and try again.]

Additional information

Update 1 After debugging I found out that because of special characters in our SKU the signature comparison fails. Read below for more info and check https://github.com/magento/magento2/issues/37278#issuecomment-1478635403

Update 2 It should be a special character not allowed in an URL, so for example a forward slash which gets replaced by Hex. https://github.com/magento/magento2/issues/37278#issuecomment-1481245655

Updated above steps to be more in line with the problem.

Release note

No response

Triage and priority

• [X] Severity: S0 - Affects critical data or functionality and leaves users without workaround.
• [ ] Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
• [ ] Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
• [ ] Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
• [ ] Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

[hostep]

They just merged a fix for ticket with name ACP2E-2969: REST API unable to make requests with slash (/) in SKU when using Oauth1, merge commit here: https://github.com/magento/magento2/commit/69ee14d68d08866149efc43799422143244a3021

@jorgb90: it sounds very related to this issue, do you think this could be the fix for this issue?