Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The request signature we calculated does not match the signature you provided #144

Open
ekkis opened this issue May 2, 2022 · 1 comment

Comments

@ekkis
Copy link

ekkis commented May 2, 2022

using v1.11.0 I hand the following to the .sign() method (partnerId and Credential modified to hide actual value):

signedRequest: {
    region: 'us-east-1',
    host: 'agcod-v2-gamma.amazon.com',
    path: '/CreateGiftCard',
    body: '{"creationRequestId":"Cif1221xjchec2ac","partnerId":"Cuf12","value":{"amount":120,"currencyCode":"USD"}}',
    service: 'AGCODService',
    headers: {
      accept: 'application/json',
      'content-type': 'application/json',
      'x-amz-target': 'com.amazonaws.agcod.AGCODService.CreateGiftCard',
      Host: 'agcod-v2-gamma.amazon.com',
      'Content-Length': 104,
      'X-Amz-Date': '20220502T205849Z',
      Authorization: 'AWS4-HMAC-SHA256 Credential=AKILWWFU6UKLBAEECQ7I/20220502/us-east-1/AGCODService/aws4_request, SignedHeaders=accept;content-length;content-type;host;x-amz-date;x-amz-target, Signature=4d9cc7a9ceb696648585b47e7e56d075e3a04becdca74bf3c9212c2eae0a8f4b'
    },
    method: 'POST',
    securityOptions: 'SSL_OP_NO_SSLv3'
  }

and when I call the servers get the following error:

{
message: 'The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.'
}

could anyone elucidate for me what is wrong?

Appendix I

incidentally, using node-fetch to submit the request, like so:

    var url = `https://${signedRequest.host}${signedRequest.path}`
    return fetch(url, {
      method: 'POST',
      headers: signedRequest.headers,
      body: JSON.stringify(signedRequest.body)
    })
      .then(res => res.json())

and yes, I've verified that the credentials are correct. the same signedRequest object works fine when submitted to the server via the NPM request package, which I'm trying to replace with node-fetch as the former is deprecated

Appendix II

furthermore, if I curl with all the data displayed above, I get a success:

{"cardInfo":{"cardNumber":null,"cardStatus":"Fulfilled","expirationDate":null,"value":{"amount":120.0,"currencyCode":"USD"}},"creationRequestId":"Cif1321ydvevfgmg","gcClaimCode":"AJV7-WRRV8D-89AR","gcExpirationDate":null,"gcId":"1533548517471554","status":"SUCCESS"}

Appendix III

incidentally, I did find this: https://gist.github.com/i-like-robots/8913dad2204f95f0d4044b338092a584 which seems to suggest that a) the connection should implement keepAlive, and 2) there's some issue where CNAMEs need to be resolved. with reference to the latter, I've verified that the hostname being provided (agcod-v2-gamma.amazon.com) isn't a CNAME

I frankly don't know what the issue could be but if the guy who posted those gists wrote them, there must be a reason.

also incidentally, I'm trying to upgrade https://www.npmjs.com/package/agcod because Amazon doesn't offer an official NodeJs library to deal with this (sad). if anyone can recommend a better alternative I'm all ears

@bcesur
Copy link

bcesur commented May 19, 2022

Hey @ekkis, I also had a similar issue. I fixed the issue by giving host, path to the requestOptions of the sign function.

const signedHeaders = sign(
                {
                    method: 'GET',
                    service: 'service',
                    region: 'eu-central-1',
                    host: 'https://zzzzzzzzzz.service.eu-central-1.amazonaws.com',
                    path: '/dev/v1/test?' + searchParams,
                },
                {
                    secretAccessKey: 'secretAccessKey',
                    accessKeyId: 'accessKeyId',
                    sessionToken: 'sessionToken',
                },
            ).headers

Hope this helps ✌️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants