search

mhart / aws4

Signs and prepares Node.js requests using AWS Signature Version 4
MIT License
703 stars 176 forks source link

Can we use this for execute-api service? #124

Closed lakshmi-narasimhan26 closed 3 years ago

lakshmi-narasimhan26 commented 3 years ago

Hello,

Can we use this aws4.sign() to sign requests for execute-api services? I am finding few issues with region. Let me know if this is possible.

mhart commented 3 years ago

Yep, you definitely can

lakshmi-narasimhan26 commented 3 years ago

Hello, Thanks for getting back,

Right now I am facing few issues while making a signed headers.

I am trying to get signed headers for selling partner API. please refer below for the code snippet.

let headers = {
    host: 'sandbox.sellingpartnerapi-eu.amazon.com',
     method: 'GET',
     path: "/orders/v0/orders/123-1234567-1234567",
     region: 'eu-west-1',
     service: 'execute-api',
     headers: {
       'Content-Type': 'application/json',
       'x-amz-access-token': "Atza|IwEBIFkNUUVWDwGOZWHS6SdIUF9ubTO6sx3lRzvET44aAWgrcvk7v... <omitted>",
       'x-amz-date': moment.utc(new Date().toISOString()).format('YYYYMMDD[T]HHmmss[Z]'),
       'user-agent': 'Test/2.0 (Language=JavaScript; Platform=macOS/11)'
     }
  };
   const signed = aws4.sign(headers, {
     accessKeyId: 'AKIASSL.. <omitted>',
     secretAccessKey: '9qPB1IOFg.. <omitted>'
   });

In the above case, after getting the signed headers, the region in signed headers is explicitly being set to us-east-1 . I am getting us-east-1 as my region in my result (signed header) instead of eu-west-1. In some cases I am getting IND / US as my region in signed headers.

Just because of the region mismatch, I not able to get success responses from the Selling Partner API. Please let me know If Im missing something. Thanks :))

mhart commented 3 years ago

Hi @lakshmi-narasimhan26 – when I run the above code I see eu-west-1 as the region in the signature.

Can you please show me the output of signed from your code (you can omit the end of the Authorization header)

mhart commented 3 years ago

(also it's probably less confusing if you call the outer variable "options" instead of "headers" – headers is a property within options)

lakshmi-narasimhan26 commented 3 years ago

My Options:

let options = {
    host: 'sandbox.sellingpartnerapi-eu.amazon.com',
     method: 'GET',
     path: "/orders/v0/orders/123-1234567-1234567",
     region: 'eu-west-1',
     service: 'execute-api',
     headers: {
       'Content-Type': 'application/json',
       'x-amz-access-token': "Atza|IwEBICalJKqdmDoNP27_XkuNT8IdkJH... <omitted>",
       'x-amz-date': moment.utc(new Date().toISOString()).format('YYYYMMDD[T]HHmmss[Z]'),
       'user-agent': 'Test/2.0 (Language=JavaScript; Platform=macOS/11)'
     }
  };
  const signed = aws4.sign(headers, {
    accessKeyId: 'AKIASSLRYXLBTMVHMF7J',
    secretAccessKey: '9qPB1IOFg... <omitted>'
  });

Signed:

{ host: 'sandbox.sellingpartnerapi-eu.amazon.com',
     method: 'GET',
     path: '/orders/v0/orders/123-1234567-1234567',
     region: 'eu-west-1',
     service: 'execute-api',
     headers:
      { 'Content-Type': 'application/json',
        'x-amz-access-token':
         'Atza|IwEBICalJKqdmDoNP27_XkuNT8IdkJHy0evuq7vTd... <ommited>',
        'user-agent': 'Test/2.0 (Language=JavaScript; Platform=macOS/11)',
        'x-amz-date': '20210203T083115Z',
        Host: 'sandbox.sellingpartnerapi-eu.amazon.com',
        Authorization:
         'AWS4-HMAC-SHA256 Credential=AKIASSLRYXLBTMVHMF7J/20210203/us-east-1/execute-api/aws4_request, SignedHeaders=content-type;host;x-amz-access-token;x-amz-date, Signature=21fe7a4a6acd432ca83da79684a517fc2a25fc6da4a007665cf2ea6b7fe48eea' } }

Note: Facing Somthing weird. This issue is happening only when I deploy this somewhere (eg: AWS EC2). Only the region in Authorization getting replaced as us-east-1. In my local environment its working as expected.

Please let us know if we are missing something on this. Thanks :))

mhart commented 3 years ago

Not really sure to be honest – just sounds like it's something to do with your code or setup. There's no way you can get that output if you've hardcoded the region as a string like that

Are you sure that's the exact code you're using when you deploy, or are you using variables instead of hardcoded strings?

It doesn't make sense that it would output something different locally if you're using exactly the same code with hardcoded strings and no difference in variables

mhart commented 3 years ago

Also, the code you posted shouldn't actually work – I don't think you've run it ( the variable names don't match)

mhart commented 3 years ago

You've got:

let options = {
// ...
}
const signed = aws4.sign(headers, {
// ...
}

So I don't think you're actually posting the real code you're using

stelrq commented 3 years ago

having the same issue https://codesandbox.io/s/node-playground-forked-k3dlc?fontsize=14&hidenavigation=1&theme=dark

mhart commented 3 years ago

Closing this due to lack of action