Open DanOertelt opened 6 years ago
Any chance of reviewing this pull request, please?
Thanks, Daniel
@DanOertelt I already did; you can see my comment inline.
I have to admit I'm new to GitHub, but I just can't locate any inline comment. And I've tried to look pretty hard. It is still possible I'm missing it, but...
Thanks, Daniel
@DanOertelt Sorry, it looks like I commented but did not commit the review.
@tsibelman @DanOertelt Shame this didn't go anywhere. I could really do with this feature.
@NeilBostrom It is very easy to add this token in your own code, but problematic for a library to know when to add it.
I was using this lib and got it working with user access key/secret, but I couldn't get it to work with temporary credentials (from assume role). Turned out I had not included X-Amz-Security-Token, and this reply helped me find it! Thank you!
Can you please confirm if the header has to be added prior to signing the request?
X-Amz-Security-Token is added after signing. In the code I use, the credentials do not always have a token (it depends on the credential used), so I use the UseToken property to know, and then the Token property as the header value. This is with the C# version of the AWS SDK.
Could this PR be merged? I also needed to add the token header in my code after signing, so it would be awesome if this was added as part of the sign method, with the token being optional.
I don't think you need this PR; you just pass your token outside. Here is a sample:

```csharp
var signer = new AWS4RequestSigner(parts[0], parts[1]);
var content = new StringContent(JsonConvert.SerializeObject(obj), Encoding.UTF8, "application/json");
var request = new HttpRequestMessage
{
    Method = HttpMethod.Post,
    RequestUri = new Uri(url),
    Content = content
};
// Session token of the temporary credentials, added to the request before Sign() is called.
request.Headers.TryAddWithoutValidation("X-Amz-Security-Token", parts[2]);
try
{
    request = await signer.Sign(request, "execute-api", "eu-west-1");
    var client = new HttpClient();
    var response = await client.SendAsync(request);
    var responseStr = await response.Content.ReadAsStringAsync();
    var resp = JsonConvert.DeserializeObject<InvalidateCacheResponse>(responseStr);
    return resp.Success;
}
catch (Exception ex)
{
    ExceptionManager.Publish(ex);
}
```
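The sample above attaches `X-Amz-Security-Token` before calling `Sign`. The following added example (not code from this library or from any commenter) computes a Signature Version 4 `Authorization` value by hand over every header present at signing time, showing that a token header added before signing is listed in `SignedHeaders` and changes the signature. The class name, credentials, host and path are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SigV4TokenDemo
{
    static byte[] Hmac(byte[] key, string data) { using var h = new HMACSHA256(key); return h.ComputeHash(Encoding.UTF8.GetBytes(data)); }
    static string Hex(byte[] b) => BitConverter.ToString(b).Replace("-", "").ToLowerInvariant();
    static string Sha256Hex(string s) { using var sha = SHA256.Create(); return Hex(sha.ComputeHash(Encoding.UTF8.GetBytes(s))); }

    // Builds the SigV4 Authorization value for a POST with an empty query string.
    // Every header in 'headers' is signed, so whatever is present at this point is integrity-protected.
    public static string Authorization(string accessKey, string secret, string region, string service,
        string amzDate, string path, string body, IDictionary<string, string> headers)
    {
        var sorted = headers.ToDictionary(h => h.Key.ToLowerInvariant(), h => h.Value.Trim())
                            .OrderBy(h => h.Key, StringComparer.Ordinal).ToList();
        var canonicalHeaders = string.Concat(sorted.Select(h => $"{h.Key}:{h.Value}\n"));
        var signedHeaders = string.Join(";", sorted.Select(h => h.Key));
        var canonicalRequest = string.Join("\n", "POST", path, "", canonicalHeaders, signedHeaders, Sha256Hex(body));
        var date = amzDate.Substring(0, 8);
        var scope = $"{date}/{region}/{service}/aws4_request";
        var stringToSign = string.Join("\n", "AWS4-HMAC-SHA256", amzDate, scope, Sha256Hex(canonicalRequest));
        var key = Hmac(Hmac(Hmac(Hmac(Encoding.UTF8.GetBytes("AWS4" + secret), date), region), service), "aws4_request");
        return $"AWS4-HMAC-SHA256 Credential={accessKey}/{scope}, SignedHeaders={signedHeaders}, Signature={Hex(Hmac(key, stringToSign))}";
    }

    static void Main()
    {
        // Constructed placeholder values, not real credentials or endpoints.
        var headers = new Dictionary<string, string> {
            ["Host"] = "example.execute-api.eu-west-1.amazonaws.com",
            ["X-Amz-Date"] = "20240101T000000Z",
        };
        string Sign() => Authorization("AKIDEXAMPLE", "EXAMPLE-SECRET", "eu-west-1", "execute-api",
            "20240101T000000Z", "/prod/invalidate", "{}", headers);
        var withoutToken = Sign();
        // Same ordering as the sample above: the token header is on the request before it is signed.
        headers["X-Amz-Security-Token"] = "EXAMPLE-SESSION-TOKEN";
        var withToken = Sign();
        Console.WriteLine(withoutToken);
        Console.WriteLine(withToken);
        // True: the token header is named in SignedHeaders and the signature differs.
        Console.WriteLine(withToken.Contains("x-amz-security-token") && withToken != withoutToken);
    }
}
```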
This library works fine when using full AWS credentials; however, it does not work when using temporary credentials, like when running on an EC2 instance and using the 'embedded EC2' credentials that come from the IAM. The temporary credentials require one to add a token header, otherwise the request is not validly signed. While this can theoretically be added outside of this library, I would consider it an actual part of the signing.