AWS Signatures - How to make it work?

I’m trying to authenticate with AWS, and can’t make it work. First of all, it works in Postman using AWS authentication.

I am using this plugin from @FlipList:

And this plugin for SHA256:

I find this really hard, and the reason why it’s hard is because the plugin only solves part of the problem. You have to construct a canonical version of your request and then SHA256-hash it manually before the plugin starts to work.

I’ve seen many people struggling with similar problems in the forums, and found no solution. I’d like to share my problem here and hopefully find a solution through the collective intelligence of the community. Would be great if you could join in @FlipList!

Here is my workflow:

Step 1: Get the current time, save it in ISO8601 format
Step 2: Create the canonical request, SHA256 hash it
Step 3: Create the string to sign

screenshot11436×898 87 KB

screenshot21436×898 93.5 KB

screenshot31436×898 102 KB

Here’s where I am: I’m not sure where it fails. The date in step 1 looks right. The hashing in step 2 works (but there could be issues in my input). Step 3 does not return anything.

Hey @tne ,

from the post I can see the \n (press enter in the text field)
“AWS4-HMAC-SHA256\nCurrent User’s”
This should be
AWS4-HMAC-SHA256
Current User’s

Each Canonical comes with its own unique values and some calls may require you to hash a payload in addition. You can use the error response from the API to inform what your call should look like. Literally copy and paste the call into the arbitrary text in the SHA256 hash plugin.

The plugin is free and ‘incomplete’, I provided the code to execute the signature from someone else. It took me a very long time to complete the signature process while stumbling on the code from Drew at the Wimpy Programmer Blog. https://www.wimpyprogrammer.com/calculate-aws-v4-signature-client-side-javascript

It’s been vital to my primary business on Amazon. You can DM me about specifics , but consulting is not my primary focus.

Neil

I have removed the \n. You’re right about that.

I think the problem is that my canonical is slightly wrong (or very wrong), but I don’t have any ways of testing it. Have you found a good way to make sure the canonicals come out right?

The error I’m getting is:
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."

It should be close to or exactly what you put into postman if it was working.

“Consult the service documentation for details”
Eventually there is an error message when initializing that would read "Your signature should have been " x " and the string to sign “y” or something along those lines.

After 12 hours of trying and failing, I ended up switching to basic auth. My advice to fellow Bubblers would be avoid IAM auth if they have an alternative, until Bubble (or someone else) provide AWS authentication out of the box in the API Connector. Perhaps someone can build on the nice work FlipList has started to provide a complete solution.

This topic was automatically closed after 70 days. New replies are no longer allowed.