AWS API Gateway POST request returns 403 Forbidden

Time: 2018-04-06 02:20:30

Tags: ruby-on-rails ruby amazon-web-services aws-sdk

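I have a scenario where I need to use a login API to retrieve the AWS access_key_id, secret_key, session_token and ID token.

With that set of data, I then need to sign the request so that I can use Ruby net/http to make a POST request to other APIs that require AWS authentication.

The problem is that the request manages to complete in Postman, but it fails when it is executed in Ruby.

I am using this: gem 'aws-sdk', '~> 3'

and the following code to retrieve the login, which works fine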

require 'net/http'
require 'uri'
require 'json'
require 'openssl'
require 'cgi'


uri = URI.parse("https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/setup/cognito/login")
login_request = Net::HTTP::Post.new(uri)
login_request.content_type = "application/json"
login_request.body = JSON.dump({
  "username" => "USERNAME",
  "password" => "PASSWORD"
})

req_options = {
  use_ssl: uri.scheme == "https",
}

response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
  http.request(login_request)
end


login_json_response = JSON.parse response.body

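Then the following sets up the signature and makes the POST request, which fails and returns 403 Forbidden

require 'aws-sigv4' # provides Aws::Sigv4::Signer

signer = Aws::Sigv4::Signer.new(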
  service: 'execute-api',
  region: 'us-east-1',
  access_key_id: login_json_response['access_key_id'],
  secret_access_key: login_json_response['secret_key'],
  session_token: login_json_response['session_token'],
  apply_checksum_header: false
)

signature = signer.sign_request(
  http_method: 'POST',
  url: 'https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers',
  headers: {
    'id_token' => login_json_response['id_token'],
    'content_type' => "application/json"
  }
)


require 'net/http'
require 'uri'

supplier_uri = URI.parse("https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers")
supplier_request = Net::HTTP::Post.new(supplier_uri)
supplier_request['Content-Type'] = "application/json"
supplier_request["Authorization"] = signature.headers['authorization']
supplier_request["X-Amz-Date"] = signature.headers['x-amz-date']
supplier_request["X-Amz-Security-Token"] =  signature.headers['x-amz-security-token']
supplier_request["id_token"] = login_json_response['id_token']

req_options = {
  use_ssl: supplier_uri.scheme == "https",
}

supplier_response = Net::HTTP.start(supplier_uri.hostname, supplier_uri.port, req_options) do |http|
  http.request(supplier_request)
end

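The error message is "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."

Is there any wrong configuration above? Can anyone help me with this?

-----EDIT----- Here I attach the curl request exported from Postman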
curl -X POST \
 https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers \
  -H 'Authorization: AWS4-HMAC-SHA256 Credential=ASIAJB2MFOYYXX3E372Q/20180407/us-east-1/execute-api/aws4_request, SignedHeaders=content-type;host;id_token;x-amz-date;x-amz-security-token, Signature=f8d7a7b493ab6e5f80205f334392ce2cacdb239e225cf0bc4e99fb9913e3c811' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -H 'Postman-Token: e15cbd1e-a02d-4943-842f-09cb36a2c6dc' \
  -H 'X-Amz-Date: 20180407T085649Z' \
  -H 'X-Amz-Security-Token: ...' \
  -H 'id_token: eyJraWQiOiJkQlVPdGIyWnJNN1Jab1lHR2FUdDZaS25pemJpYUk2XC9rXC80dHNBUDZwdXc9IiwiYWxnIjoiUlMyNTYifQ.....VbWxzLgtqlFm4ralVVnrPa8kXV4iO-dvuQ7pM7LHGCUihPV_DtoeKzlhAgR3CSJpDUcJYE5ZHNd1CmT--0jgjZ9XO-lfwkQfByhpsbVCpWuOIZBYxC23Rvse-T4InisZmKiHTEmaJTcXg9gXLbwLBhH7kYl2tpLL3LHWHuUxlmk2VOTKzuXFzgXqEHO31wBtczVY2QLrUexRrJYJVcfBEb6u7ATVy3o8GwZD1AhpErZt94JFWj-k8yYxRCwSN8R4ZrBRkO4wfofXVSwLwW_jkr62dl9Fxsh2hFIiCT_R-zBWgZRLNoMW0jwFoqiwaWsdbxFuYYX5YvtkKmLh5JlgbA'

Thanks in advance!

0 answers:

No answers
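
Added example, not part of the original question: the Ruby signing call lists a header named `content_type`, the request sends `Content-Type`, and Postman's SignedHeaders list shows `content-type`. The standard-library-only code below shows how a SigV4 verifier rebuilds the signature from the headers that actually arrive, so a signed name that is not on the wire produces a mismatch. The helpers `sigv4`, `server_signature` and `accepted?` and the secret and token values are constructed for illustration, and treating a signed but absent header as empty is an assumption about the verifier.

```ruby
require 'openssl'
require 'digest'
require 'uri'

# Minimal SigV4 signing with the standard library only (no query-string or
# path normalisation; enough for the simple POST URL used here).
def sigv4(secret:, region:, service:, method:, url:, headers:, body:, amz_date:)
  uri = URI.parse(url)
  date = amz_date[0, 8]
  canon = headers.merge('host' => uri.host, 'x-amz-date' => amz_date)
                 .map { |k, v| [k.downcase, v.to_s.strip] }.sort.to_h
  signed = canon.keys.join(';')
  request = [method, uri.path, uri.query.to_s,
             canon.map { |k, v| "#{k}:#{v}\n" }.join,
             signed, Digest::SHA256.hexdigest(body)].join("\n")
  to_sign = ['AWS4-HMAC-SHA256', amz_date,
             "#{date}/#{region}/#{service}/aws4_request",
             Digest::SHA256.hexdigest(request)].join("\n")
  key = [date, region, service, 'aws4_request']
        .reduce("AWS4#{secret}") { |k, part| OpenSSL::HMAC.digest('sha256', k, part) }
  { signed_headers: signed, signature: OpenSSL::HMAC.hexdigest('sha256', key, to_sign) }
end

# Verifier side: rebuild the canonical request from the headers that arrived,
# using the names listed in SignedHeaders. Treating a listed but absent header
# as empty is a modelling assumption of this example.
def server_signature(received, signed_headers, **common)
  arrived = received.map { |k, v| [k.downcase, v] }.to_h
  names = signed_headers.split(';') - %w[host x-amz-date]
  sigv4(headers: names.map { |n| [n, arrived.fetch(n, '')] }.to_h, **common)[:signature]
end

def accepted?(signed_with, sent, **common)
  client = sigv4(headers: signed_with, **common)
  client[:signature] == server_signature(sent, client[:signed_headers], **common)
end

# Constructed sample values (not real credentials or tokens).
COMMON = { secret: 'CONSTRUCTED-SECRET', region: 'us-east-1', service: 'execute-api',
           method: 'POST', body: '', amz_date: '20180407T085649Z',
           url: 'https://EXAMPLE.execute-api.us-east-1.amazonaws.com/live/orders/suppliers' }.freeze
SENT = { 'Content-Type' => 'application/json', 'id_token' => 'CONSTRUCTED-TOKEN' }.freeze

# Signed as in the question: 'content_type' never appears on the wire.
puts accepted?({ 'id_token' => 'CONSTRUCTED-TOKEN', 'content_type' => 'application/json' }, SENT, **COMMON) # => false
# Signed under the name that is sent ('content-type', as in Postman's SignedHeaders).
puts accepted?({ 'id_token' => 'CONSTRUCTED-TOKEN', 'content-type' => 'application/json' }, SENT, **COMMON) # => true
```

The same comparison applies to the body: whatever bytes are sent must be the bytes that were hashed when signing.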