Closed antonio-muniz closed 6 years ago
After more testing, I realized the problem only occurred if I copied the headers to Postman to send the request, which I was doing at first. Calling directly from a Ruby client works perfectly. Perhaps Postman is removing the Date
header from the request for some reason.
Closing the issue! :green_book:
Hello there, I'm having some problems while trying to authenticate incoming requests in a Rails application (
ActionDispatch
requests).I'm signing a request using
Net::HTTP
this way:signed_request
contains headers like these:Problem
I copy those headers into Postman and send a request to my Rails application, but
ApiAuth.authentic?
returns false, even though I'm using the exact same secret key that generated the signature.After some testing and checking the source code, I noticed that the lib looks for the
Date
header as eitherDATE
orHTTP_DATE
, but those are nowhere to be found in the request.Output of
request.env.keys
:Then, the lib defaults the timestamp to empty string, causing an error to be raised in this function:
I'm using:
Has anyone ran into this? Is this really a bug/incompatibility? (I'm sorry if I'm misunderstanding something, I'm kind of new to Ruby and Rails.)
Any help is appreciated!