我有一个场景,我需要使用登录API来检索AWS access_key_id,secret_key,session_token和ID令牌。
使用那组数据,然后我需要签署请求才能使用ruby http / net将post请求调用到需要AWS身份验证的其他API
问题是请求设法在Postman中完成,但是当它在ruby上执行时,它会失败。
我正在使用它 宝石' aws-sdk','〜> 3'
以及以下用于检索登录的代码,它可以正常工作
require 'net/http'
require 'uri'
require 'json'
require 'openssl'
require 'cgi'
uri = URI.parse("https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/setup/cognito/login")
login_request = Net::HTTP::Post.new(uri)
login_request.content_type = "application/json"
login_request.body = JSON.dump({
"username" => "USERNAME",
"password" => "PASSWORD"
})
req_options = {
use_ssl: uri.scheme == "https",
}
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
http.request(login_request)
end
login_json_response = JSON.parse response.body
然后以下设置签名并调用失败的POST请求并返回403 forbidden
signer = Aws::Sigv4::Signer.new(
service: 'execute-api',
region: 'us-east-1',
access_key_id: login_json_response['access_key_id'],
secret_access_key: login_json_response['secret_key'],
session_token: login_json_response['session_token'],
apply_checksum_header: false
)
signature = signer.sign_request(
http_method: 'POST',
url: 'https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers',
headers: {
'id_token' => login_json_response['id_token'],
'content_type' => "application/json"
}
)
require 'net/http'
require 'uri'
supplier_uri = URI.parse("https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers")
supplier_request = Net::HTTP::Post.new(supplier_uri)
supplier_request['Content-Type'] = "application/json"
supplier_request["Authorization"] = signature.headers['authorization']
supplier_request["X-Amz-Date"] = signature.headers['x-amz-date']
supplier_request["X-Amz-Security-Token"] = signature.headers['x-amz-security-token']
supplier_request["id_token"] = login_json_response['id_token']
req_options = {
use_ssl: supplier_uri.scheme == "https",
}
supplier_response = Net::HTTP.start(supplier_uri.hostname, supplier_uri.port, req_options) do |http|
http.request(supplier_request)
end
错误消息是"我们计算的请求签名与您提供的签名不匹配。检查您的AWS Secret Access Key和签名方法。有关详细信息,请参阅服务文档。"
上面有什么错误的配置吗?谁能帮我这个?
-----编辑----- 在这里,我附上Postman
的导出卷曲请求curl -X POST \
https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers \
-H 'Authorization: AWS4-HMAC-SHA256 Credential=ASIAJB2MFOYYXX3E372Q/20180407/us-east-1/execute-api/aws4_request, SignedHeaders=content-type;host;id_token;x-amz-date;x-amz-security-token, Signature=f8d7a7b493ab6e5f80205f334392ce2cacdb239e225cf0bc4e99fb9913e3c811' \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: e15cbd1e-a02d-4943-842f-09cb36a2c6dc' \
-H 'X-Amz-Date: 20180407T085649Z' \
-H 'X-Amz-Security-Token: AgoGb3JpZ2luEE0aCXVzLWVhc3QtMSKAAgWZ75tufxKOr3kigmslpAVZ6v1/gxALtIi5sLe8KrbdHwddo7dTgDwMK8US2jPdmoT5Ds6QHqALCfsOe5eOtk4jAgn7OOScOaiL7a97EmM2gCbg51PG7M/s9507g2NXtuCpg7vEC6QMTKvzxUOtpF1m2a9yW0XTugzcC1TAnOt/nmG+lR+j7kDQbhaBXZbzyutZlh6wYmCuYLLsqSrLz0h4rCrz1v4wIo5brMwvlrzpgqNPc4x/xAvGwJ7jSjrq0svy7j7wb/1HjSvk1Cf1HCt10WhPl6tGDSDK4RzUY18Rh4xU46gNkdKc4DRoAgPTN1Ed44D31rxit3YjPIkb9fkqpgUIchAAGgwzNDA3MzA3NzYwOTUiDDJ3g0Y9Ww/RfPctECqDBeD3f3zG0cz7Uufy4aiT+HBqCsaYJnFzaDgZx0m9Agk9570ezF1B7xVVF+mE53XsjleIAMcoDPwLEtuBM4XA7JkOvOrfgs+9dyKy/cXh/zGxsDsjKOg0PXFvuWm4xpUndmFBNPEsVKeCfUOGn++6dqLS2mHm1S2LFxg9pLqB5ztU+lYehZs8IgEd55YCMjalJgXI3TGVJMgZLxKxIl3dfmQyBlpXNTma2RJoP/KOwaASwhy4xNTBJOW7spbwsONzeaNfvX0N4Hz1zlSKgwkBB/Pwo2QHF6ymbZNPimqmHFlD0dAiSoZoVK9Kd/d3hwctXCAh6boYRevaBB8N+TektujtdZiThM9EOpwCEFOnHb83oFqrq6Ba5k0NITKxlpCm5sFJwrkTUcHNZ7XiNBF1yfGFRsGsA2tNncTtt+lodtGV2m0Tbyb3s0klc6pI2D3gXG+XnDDyReptrBCmvYP8UcMLtyb8OouycRziw7uKfM7FnAhROeWMAEwyRNtPJWfxnUhOX8Uwx6ZBaVnjDSWkN/tTvCgp9zSjYMRxDCFRXNMGFJTCYC1clDUQ38X0Cy6gszgreUEI7e9KNPVq0IbKN4M6Hd1W4CuWE2hA1egn+GBULiD9/AvrYzdETZPeRpbgbj/iE4Di20I8aCB2a3wupWXtvfuw4wAb6i3EPiKCtYCiLBdC2N6AjDaXmyRhZaO3K3crpM44WkfGp5TWo6AgOOTjS3ZTBaAHCznh+8DfbsHXsU7+dbXhkd2fmEkPvi6NRLFtWY8cImsSSnpHoweCMixkwcwTKAwrG9errkcaekP/fjtzTxEQmMDal7PSZW3K6ynfoBOAwCsRQg9IDXhBLguZoSow7dCX1gU=' \
-H 'id_token: eyJraWQiOiJkQlVPdGIyWnJNN1Jab1lHR2FUdDZaS25pemJpYUk2XC9rXC80dHNBUDZwdXc9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI1Y2I0MTkyOC0yYTM5LTRmYzAtOWMzYi1iNTA4YmNhNmI0NmMiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX1c1ZlJrQmdMaCIsImNvZ25pdG86dXNlcm5hbWUiOiJtYXJjb0AyNWhvbGRpbmdzLmNvbSIsImN1c3RvbTp1c2VySWQiOiIxNTMxMSIsImN1c3RvbTp0ZW5hbnRJZCI6IjE1MzA2IiwiYXVkIjoiNWY1b2FiMmpuNTdsdGhkNW12Z3QyY2w0N3IiLCJldmVudF9pZCI6IjZkMjU3Yzk0LTM4YjEtMTFlOC1hMDVlLTIxN2VjY2FiM2FmOCIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNTIyOTE5NTMyLCJleHAiOjE1MjI5MjMxMzIsImlhdCI6MTUyMjkxOTUzMiwiZW1haWwiOiJtYXJjb0AyNWhvbGRpbmdzLmNvbSJ9.VbWxzLgtqlFm4ralVVnrPa8kXV4iO-dvuQ7pM7LHGCUihPV_DtoeKzlhAgR3CSJpDUcJYE5ZHNd1CmT--0jgjZ9XO-lfwkQfByhpsbVCpWuOIZBYxC23Rvse-T4InisZmKiHTEmaJTcXg9gXLbwLBhH7kYl2tpLL3LHWHuUxlmk2VOTKzuXFzgXqEHO31wBtczVY2QLrUexRrJYJVcfBEb6u7ATVy3o8GwZD1AhpErZt94JFWj-k8yYxRCwSN8R4ZrBRkO4wfofXVSwLwW_jkr62dl9Fxsh2hFIiCT_R-zBWgZRLNoMW0jwFoqiwaWsdbxFuYYX5YvtkKmLh5JlgbA'
提前致谢!