The request signature we calculated does not match the signature you provided.
Closed this issue · 5 comments
When I am using GET the request succeeds.
But when I use POST I get this error response
The request signature we calculated does not match the signature you provided. ...
Is there a problem with POST and signing for API Gateway ?
Whoa, I found it
I got that error response from AWS
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'
POST
/default/flutter
tracking=x123
accept:application/json
content-type:application/json; charset=utf-8
...
and I debugged sig_v4.dart and logged the canonicalRequest in buildCanonicalRequest:
POST
/default/flutter
tracking=x123
accept:application/json
content-type:application/json
So basically AWS expects content-type:application/json; charset=utf-8 but the plugin only provides content-type:application/json.
To fix this I changed in sig_v4.dart from const _default_content_type = 'application/json'; to const _default_content_type = 'application/json; charset=utf-8'; and that makes POST work.
@jonsaw Do you want to review this? I can create a PR or you just fix it?
Thanks for the PR @BerndWessels . Content-Type varies from API implementations in AWS services. I think the best way, for now, is to overwrite your own Content-Type when calculating the Signature.
Hi @BerndWessels I'm getting the same error when using POST with DynamoDB. However, I do not see the detailed error message. How did you get the detailed message which explains the error in signatures? All I see in response is "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.".
Below is my code.
final userPool = new CognitoUserPool(USER_POOL_ID, APP_CLIENT_ID,
storage: customStore);
final user = await userPool.getCurrentUser();
final session = await user.getSession();
final credentials = CognitoCredentials(IDENTITY_POOL_ID, userPool);
await credentials.getAwsCredentials(session.getIdToken().getJwtToken());
String identityId = await CognitoIdentityId(IDENTITY_POOL_ID, userPool)
.getIdentityId(session.getIdToken().getJwtToken());
final awsSigV4Client = new AwsSigV4Client(
credentials.accessKeyId,
credentials.secretAccessKey,
'https://dynamodb.$AWS_REGION.amazonaws.com',
serviceName: 'dynamodb',
sessionToken: credentials.sessionToken,
region: AWS_REGION);
final signedRequest = new SigV4Request(awsSigV4Client,
method: 'POST',
path: '',
headers: new Map<String, String>.from({
'X-Amz-Target': 'DynamoDB_20120810.PutItem',
'Host': 'dynamodb.$AWS_REGION.amazonaws.com'
}),
body: new Map<String, dynamic>.from({
'TableName': 'watch_later',
'Item': asset.toDynamoJson(identityId)
}));
@KhuramKhalid hi, maybe I got lucky that API Gateway returns the more detailed error response - I just got it from the exception thrown.
If you get completely stuck I suggest creating a Amplify Web Project and inspect the network traffic for the same AWS calls - this should help figuring out what the difference between your flutter request and a working request from a webclient is (in the end they must be the same).
Turns out the issue was with the http client. Instead I used the raw HttpClient from the same package (http.dart) and it worked. Below is what I changed.
Instead of this:
response = await http.post(signedRequest.url,
headers: signedRequest.headers, body: signedRequest.body);
I did this:
HttpClient client = new HttpClient();
client.postUrl(Uri.parse(signedRequest.url))
.then((HttpClientRequest request) {
signedRequest.headers.forEach((headerName, headerValue) {
request.headers.add(headerName, headerValue);
});
request.write(signedRequest.body);
return request.close();
});