tsibelman / aws-signer-v4-dot-net

Sign HttpRequestMessage using AWS Signature v4 using request information and credentials.
Apache License 2.0

Adding support of Token for Temporary Credentials #1

Open DanOertelt opened 6 years ago

DanOertelt commented 6 years ago

This library works fine when using full AWS credentials; however, it does not work when using temporary credentials, like when running on an EC2 instance and using the 'embedded EC2' credentials that come from the IAM. The temporary credentials require one to add a token header, otherwise the request is not validly signed. While this can theoretically be added outside of this library, I would consider it an actual part of the signing.

DanOertelt commented 6 years ago

Any chance of reviewing this pull request, please?

Thanks, Daniel

tsibelman commented 6 years ago

@DanOertelt I already did; you can see my comment inline.

DanOertelt commented 6 years ago

I have to admit I'm new to GitHub, but I just can't locate any inline comment. And I've tried to look pretty hard. It is still possible I'm missing it, but...

Thanks, Daniel

tsibelman commented 6 years ago

@DanOertelt Sorry, it looks like I commented but did not commit the review.

NeilBostrom commented 5 years ago

@tsibelman @DanOertelt Shame this didn't go anywhere. I could really do with this feature.

tsibelman commented 5 years ago

@NeilBostrom It is very easy to add this token in your own code, but problematic for a library to know when to add it.

joelbyren commented 5 years ago

I was using this lib and got it working with user access key/secret, but I couldn't get it to work with temporary credentials (from assume role). Turned out I had not included X-Amz-Security-Token, and this reply helped me find it! Thank you!

emonhaider commented 4 years ago

> I was using this lib and got it working with user access key/secret, but I couldn't get it to work with temporary credentials (from assume role). Turned out I had not included X-Amz-Security-Token, and this reply helped me find it! Thank you!

Can you please confirm if the header has to be added prior to signing the request?

joelbyren commented 4 years ago

> > I was using this lib and got it working with user access key/secret, but I couldn't get it to work with temporary credentials (from assume role). Turned out I had not included X-Amz-Security-Token, and this reply helped me find it! Thank you!
>
> Can you please confirm if the header has to be added prior to signing the request?

X-Amz-Security-Token is added after signing. In the code I use, credentials do not always have a token (it depends on the credential used), so I use the UseToken property to know, and then the Token property as the header value. This is with the C# version of the AWS SDK.

albertocorrales commented 3 years ago

Could this PR be merged? I also needed to add the token header in my code after signing, so it would be awesome if this was added as part of the sign method, with the token being optional.

ltoshev commented 3 years ago

I don't think you need this PR; you just pass your token outside. Here is a sample:

        // parts[0] = access key, parts[1] = secret key, parts[2] = session token
        var signer = new AWS4RequestSigner(parts[0], parts[1]);
        var content = new StringContent(JsonConvert.SerializeObject(obj), Encoding.UTF8, "application/json");
        var request = new HttpRequestMessage
        {
            Method = HttpMethod.Post,
            RequestUri = new Uri(url),
            Content = content
        };
        // The session token header is set on the request before Sign is called
        request.Headers.TryAddWithoutValidation("X-Amz-Security-Token", parts[2]);

        try
        {
            request = await signer.Sign(request, "execute-api", "eu-west-1");
            var client = new HttpClient();
            var response = await client.SendAsync(request);
            var responseStr = await response.Content.ReadAsStringAsync();
            var resp = JsonConvert.DeserializeObject<InvalidateCacheResponse>(responseStr);
            return resp.Success;
        }
        catch (Exception ex) 
        {
            ExceptionManager.Publish(ex);
        }
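
The thread leaves open whether the token header goes on the request before or after signing. The following is an added example, not part of the thread and not this library's code: a minimal stand-alone SigV4 computation showing what each ordering does to `SignedHeaders` and the signature. It assumes a signer that covers every header present on the request; the class name, endpoint, date and credential strings are constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;

static class SigV4TokenDemo // hypothetical demo class
{
    static string Hex(byte[] b) => BitConverter.ToString(b).Replace("-", "").ToLowerInvariant();
    static string Sha256Hex(string s) { using (var h = SHA256.Create()) return Hex(h.ComputeHash(Encoding.UTF8.GetBytes(s))); }
    static byte[] Hmac(byte[] key, string s) { using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(s)); }

    // SigV4 for a request with no body and no query string; signs every header present on req.
    static (string SignedHeaders, string Signature) Sign(HttpRequestMessage req, string secretKey, string region, string service, DateTime utc)
    {
        string amzDate = utc.ToString("yyyyMMddTHHmmssZ", CultureInfo.InvariantCulture);
        string day = amzDate.Substring(0, 8);
        req.Headers.Host = req.RequestUri.Host;
        req.Headers.TryAddWithoutValidation("X-Amz-Date", amzDate);
        // Canonical headers: lowercase names, trimmed values, sorted by name.
        var headers = req.Headers
            .Select(h => (Name: h.Key.ToLowerInvariant(), Value: string.Join(",", h.Value).Trim()))
            .OrderBy(h => h.Name, StringComparer.Ordinal).ToList();
        string canonicalHeaders = string.Concat(headers.Select(h => h.Name + ":" + h.Value + "\n"));
        string signedHeaders = string.Join(";", headers.Select(h => h.Name));
        // Method, path, empty query string, headers, signed header list, hash of the empty body.
        string canonicalRequest = string.Join("\n", req.Method.Method, req.RequestUri.AbsolutePath,
            "", canonicalHeaders, signedHeaders, Sha256Hex(""));
        string stringToSign = string.Join("\n", "AWS4-HMAC-SHA256", amzDate,
            $"{day}/{region}/{service}/aws4_request", Sha256Hex(canonicalRequest));
        // Signing key derivation: date -> region -> service -> "aws4_request".
        byte[] key = Hmac(Encoding.UTF8.GetBytes("AWS4" + secretKey), day);
        key = Hmac(Hmac(Hmac(key, region), service), "aws4_request");
        return (signedHeaders, Hex(Hmac(key, stringToSign)));
    }

    static void Main()
    {
        // Constructed values: not real credentials and not a real endpoint.
        var when = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        HttpRequestMessage NewRequest() => new HttpRequestMessage(HttpMethod.Get, "https://api.example.com/prod/items");

        var early = NewRequest(); // token set before signing: it becomes part of the signed header set
        early.Headers.TryAddWithoutValidation("X-Amz-Security-Token", "EXAMPLE-SESSION-TOKEN");
        var a = Sign(early, "EXAMPLE-SECRET-KEY", "eu-west-1", "execute-api", when);

        var late = NewRequest(); // token set after signing: it is sent, but the signature does not cover it
        var b = Sign(late, "EXAMPLE-SECRET-KEY", "eu-west-1", "execute-api", when);
        late.Headers.TryAddWithoutValidation("X-Amz-Security-Token", "EXAMPLE-SESSION-TOKEN");
        Console.WriteLine($"before signing: {a.SignedHeaders} {a.Signature}");
        Console.WriteLine($"after signing:  {b.SignedHeaders} {b.Signature}");
    }
}
```

Comparing the two printed `SignedHeaders` lists against the `Authorization` header a real signer produces is a quick way to check whether the token was covered by the signature.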