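AWS APIGateway JS SDK + IAM + PUT + Body = Error

Time: 2017-06-20 10:34:47

Tags: javascript amazon-web-services aws-api-gateway

Good day.

I am using the JS SDK auto-generated by AWS APIGateway to perform a PUT request. I have an identity pool, so IAM authentication is enabled on the PUT method.

I have a GET request (apigClient.userProfileGet) that works fine with IAM authentication, so I don't suspect it's my policy configuration.

The problem I have is that as soon as I add a body to the request, I get the very vague "The request signature we calculated does not match the signature you provided" error message.

My code sample is as follows: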

apigClient = apigClientFactory.newClient({
    accessKey: AWS.config.credentials.accessKeyId,
    secretKey: AWS.config.credentials.secretAccessKey,
    sessionToken: AWS.config.credentials.sessionToken,
    region: 'eu-west-1'
});

let firstName = document.getElementById('firstName_update').value;
let lastName = document.getElementById('lastName_update').value;
let profilePic = document.getElementById('profilePic_update').value;

let body = {
    'firstName': firstName,
    'lastName': lastName,
    'profilePic': profilePic
};

apigClient.userProfilePut({
    'cognito-id-token': session.getIdToken().getJwtToken(),
    'g-id-token': null,
    'fb-access-token': null
}, body).then(data => {
    console.log(data);
});

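If I remove IAM authentication, the method executes fine and I get the response I expect from the backend.

If I leave IAM auth in place but remove the body, the method executes and I get the error response I expect from the backend (e.g. "Error, parameter missing in body").

Obviously I need to be able to send a request body..

What am I doing wrong?

Many thanks

Edit:

My request body model looks like this: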

{
  "$schema" : "http://json-schema.org/draft-04/schema#",
  "title" : "UserDataUpdateRequest",
  "type" : "object",
  "properties" : {
    "firstName": { "type": "string"},
    "lastName": { "type": "string" },
    "profilePic": { "type": "string" }
  },
  "required": [ "firstName", "lastName", "profilePic" ]
}

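1 answer:

Answer 0: (score: 0)

So I spent 8 hours trying to figure this out.

The problem is as follows:

This is the canonical string of the request that AWS APIGateway expects: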

PUT
/Development/user/profile

accept:*/*
cognito-id-token:eyJraWQiOiIyRFN2VlFNUWZ6c051emxBVWxqRksyd0J4SzdiZ2JiU01SZjlKU1l5NWpzPSIsImFsZyI6IlJTMjU2In0.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.bXuKyQ-dpU9A4jI-1cViUH_1mV68qObyCREUKwLfzYyBrpNgE_z9YMGpz0uRR7UbgvVMd2LkesXqileZ-H_Gai8M5vqodKQJG2gOOyKPCEvW2G4ieMQgPrkeeWdV77JF4tixdzksJbi4cS78jCgYLgPDp_cn-vOrnkwqSxsu7KUnr3aMoZKvNH7A4mtiJxcLoC-esFdFx1BUzV69NwzX1HOWXk99d3x01Cjes08SBzxTOr3bbEhC0Z0VP0p7sXBL9SSgaecijDIgo9Sa_yKE9amx0Q4jRgf45-NCe2FgRZlpBaouz7blGlt_RUvUACYfgCyBe3LtPDZa3dG5tEhtbg
content-type:application/json
fb-access-token:null
g-id-token:null
host:488s00ffrd.execute-api.eu-west-1.amazonaws.com
x-amz-date:20170620T133151Z

accept;cognito-id-token;content-type;fb-access-token;g-id-token;host;x-amz-date
88e953912796feb4023a4d860ca6e03d62ace022b47a6217865323bf5c7b4b37

This is the final canonical string produced by the JavaScript SDK that you can generate on the APIGateway website:

PUT
/Development/user/profile

accept:*/*
content-type:application/json
cognito-id-token:eyJraWQiOiIyRFN2VlFNUWZ6c051emxBVWxqRksyd0J4SzdiZ2JiU01SZjlKU1l5NWpzPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjMWY4MWJhZS0xOWZiLTRiYjEtOGI3Ni1kZDE3ZDJjYzVmNjQiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbVwvZXUtd2VzdC0xX2x0WFNaSGFndiIsInBob25lX251bWJlcl92ZXJpZmllZCI6ZmFsc2UsImNvZ25pdG86dXNlcm5hbWUiOiJsdWtlQHRvdWNoZm91bmRyeS5jby56YSIsImF1ZCI6IjIwczY1bjMyYzJucGM5NmE0MHIxNjM4NmJvIiwidXBkYXRlZF9hdCI6MTQ5NjMyOTQwOTMxNSwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE0OTc5NjI3NDksIm5hbWUiOiJMdWtlIiwicGhvbmVfbnVtYmVyIjoiKzI3ODQ4MTcwMDEyIiwiZXhwIjoxNDk3OTY2MzQ5LCJpYXQiOjE0OTc5NjI3NDksImZhbWlseV9uYW1lIjoiSm9obnN0b25lIiwiZW1haWwiOiJsdWtlQHRvdWNoZm91bmRyeS5jby56YSJ9.bXuKyQ-dpU9A4jI-1cViUH_1mV68qObyCREUKwLfzYyBrpNgE_z9YMGpz0uRR7UbgvVMd2LkesXqileZ-H_Gai8M5vqodKQJG2gOOyKPCEvW2G4ieMQgPrkeeWdV77JF4tixdzksJbi4cS78jCgYLgPDp_cn-vOrnkwqSxsu7KUnr3aMoZKvNH7A4mtiJxcLoC-esFdFx1BUzV69NwzX1HOWXk99d3x01Cjes08SBzxTOr3bbEhC0Z0VP0p7sXBL9SSgaecijDIgo9Sa_yKE9amx0Q4jRgf45-NCe2FgRZlpBaouz7blGlt_RUvUACYfgCyBe3LtPDZa3dG5tEhtbg
fb-access-token:null
g-id-token:null
host:488s00ffrd.execute-api.eu-west-1.amazonaws.com
x-amz-date:20170620T133151Z

accept;cognito-id-token;content-type;fb-access-token;g-id-token;host;x-amz-date
88e953912796feb4023a4d860ca6e03d62ace022b47a6217865323bf5c7b4b37

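Now spot the difference!

I'll save you the 8 hours: the SDK places content-type below my custom header cognito-id-token. Since it is a plain old string comparison, the check fails.

Solution: I renamed my custom headers. I prefixed them with x-, and now it works.

Damn, that was hard to figure out. Hopefully this will save another poor soul in the future.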
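
An added example, not part of the original answer and not the SDK's own code: it reproduces the two header orderings shown in the canonical strings above and checks the x- rename. It assumes the client sorts header names case-sensitively before lowercasing them, whereas SigV4 sorts by lowercased name; the function names, the host and the token value are constructed placeholders.

```javascript
// Header names are taken from the post; the values are constructed placeholders.
const headers = {
  'Accept': '*/*',
  'Content-Type': 'application/json',
  'cognito-id-token': '<id-token>',
  'fb-access-token': 'null',
  'g-id-token': 'null',
  'host': 'example.execute-api.eu-west-1.amazonaws.com',
  'x-amz-date': '20170620T133151Z'
};

// SigV4 rule: lowercase the header names first, then sort by name.
function canonicalHeadersSpec(h) {
  return Object.keys(h)
    .map(k => [k.toLowerCase(), String(h[k]).trim()])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0))
    .map(([k, v]) => `${k}:${v}\n`)
    .join('');
}

// Assumed client behaviour: sort the original-cased names, lowercase afterwards.
// 'C' (0x43) sorts before 'c' (0x63), so Content-Type jumps ahead of cognito-id-token.
function canonicalHeadersCaseSensitive(h) {
  return Object.keys(h)
    .sort()
    .map(k => `${k.toLowerCase()}:${String(h[k]).trim()}\n`)
    .join('');
}

// First line where two canonical strings diverge, or null if they are identical.
function firstDifference(expected, actual) {
  const e = expected.split('\n');
  const a = actual.split('\n');
  for (let i = 0; i < Math.max(e.length, a.length); i++) {
    if (e[i] !== a[i]) return { line: i + 1, expected: e[i], actual: a[i] };
  }
  return null;
}

// The workaround from the answer: prefix the custom headers with "x-".
function withXPrefix(h, names) {
  const out = {};
  for (const [k, v] of Object.entries(h)) out[names.includes(k) ? `x-${k}` : k] = v;
  return out;
}

const custom = ['cognito-id-token', 'fb-access-token', 'g-id-token'];
const renamed = withXPrefix(headers, custom);
console.log(firstDifference(canonicalHeadersSpec(headers), canonicalHeadersCaseSensitive(headers)));
console.log(firstDifference(canonicalHeadersSpec(renamed), canonicalHeadersCaseSensitive(renamed)));
```

With the x- prefix every custom name sorts after host in both orderings, so the two canonical strings agree even though the case-sensitive sort is still in place.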