search

mhart / aws4fetch

A compact AWS client and signing utility for modern JS environments
MIT License
593 stars 39 forks source link

Signature expired on skewed system clock #73

Open saksh-05 opened 2 days ago

saksh-05 commented 2 days ago

I have a skewed system clock that I can't sync, and when I make a request, I receive an error: { "message": "Signature expired: 20241008T195522Z is now earlier than 20241008T195940Z (20241008T200440Z - 5 min.)" }

And I am also unable to pass a custom x-amz-date header value, as it gives me: "message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

This is how I am passing the header before signing the request however, aws4fetch uses the system time instead of the provided value.

const clockValue = new Date(currentSystemTime.getTime() - offset)
        .toISOString()
        .replace(/[:-]|\.\d{3}/g, "");
const request = new Request(url, {
        method: "GET",
        headers: {
          "x-amz-date": clockValue,
        },
});

And if I modify the header after signing, as shown below, I receive the following message: "message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

const signedRequest = await aws.sign(request);
const headers = {};
signedRequest.headers.forEach((value, key) => {
        headers[key] = value;
   });
headers["x-amz-date"] = clockValue;

Is there any solution I can use?

mhart commented 2 days ago

You can use the datetime parameter of fetch/sign/AwsV4Signer