我正在尝试构建一个javascript应用程序。 我无法通过IAM获得经过身份验证的DELETE请求。
API网关删除路由已配置为使用AWS_IAM身份验证。 Cognito用户组附加了一个角色,授予访问权限以调用删除路由。
我使用AWS.Signers.V4
签署了请求var httpRequest = new AWS.HttpRequest("https://bo5o2odxxx.execute-api.ap-south-1.amazonaws.com/wrhprod/"+uri, "ap-south-1");
httpRequest.headers.host = "https://bo5o2odxxx.execute-api.ap-south-1.amazonaws.com";
httpRequest.headers['Content-Type'] = "application/json";
httpRequest.method = method;
var v4signer = new AWS.Signers.V4(httpRequest, "execute-api", true);
v4signer.addAuthorization(awsCredentials, AWS.util.date.getDate());
delete httpRequest.headers['host']
delete httpRequest.headers['X-Amz-User-Agent']
我正在使用axios发送删除请求:
axios.delete('/events/2017/1523502329582',
{ headers: httpRequest.headers})
.then(response => {
//success
})
.catch(error => {
//fail
});
这是我的请求标题:
:authority: bo5o2odxxx.execute-api.ap-south-1.amazonaws.com
:method: DELETE
:path: /wrhprod/events/2017/1523502329582
:scheme: https
accept: application/json, text/plain, /
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
authorization: AWS4-HMAC-SHA256 Credential=ASIAIGIXC2II7KWVVUVA/20180413/ap-south-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token;x-amz-user-agent, Signature=f1b12cf3c1a3693f259e2f0079231974d6de0e4225bca0af3754a32eecf95277
origin: http://localhost:3000
referer: http://localhost:3000/events
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
x-amz-date: 20180413T071741Z
x-amz-security-token: AgoGb3JpZ2luEAwaCmFwLXNvdXRoLTEigAIBwvwgU/vlYPZI1+XYbJUieH7lQB1XI32w08GaX0MjobxyfhFK7J3md5GaKlPdO3I+fqjYpBWOlrqNNllgjKTLZwNOx7SxrVq5T57qk27nq6kp1Y5nSDTy+wj6pHVbSmzRgrfqvOgsgWrU6NsB41taHLaN3sjQaneSC7/phQ3+UvdjQrEI7egI7TikiUs/DW6oQWMupW/75c9GEVnoA2RRdYmVqVh//OmbWdG6DMk09ritP6eLpUYvWHGrMNniGnT2Rj+3kbOgSst0JrKLwssOsO3lIm+iDxSk3NGoKRUX4iB/Lnv7XQnUaFoK2PC0DNyj9XnJVn0RXoXCPOOwPf9wKqwFCEAQABoMMTQ0MTUzMjMxNzA0Igwr7GTDa3MwS/6L7RIqiQU4WK45J//oxnc98LgRZOApKGYPyRfiDgd+LHG006GHDJTodDTysv1YIkLbOq6Da1d6ENpwdkW7h8OgtR4r+BoOPeP7h+vV55LJHexPGAGC8GKimK8iKFLjvyy1ArGWGb9FEbYtsJkjjxFZw2uZJ3ex3YWQk5UiBDkuJd8paU8rqSctcF/0SLFZyK77AndiLs7Ir3AwBvlQvOh+J3Q8MCfAuRLGOAT1VTYOMis/ZL7cczi1YRWK+7jlRdeoeQu/aP9Y07SbxRxzIh7YyhFBilLXUslRiyeKiehYK6ufI/czC2bDipegBmCAFiEff/PKvBinSUJRTkSJODmh6E25OVerbbSBgI1aCGj+b3bRiBiMwu+kIF77czK18jBfE5OeexKfh+r1w2puyYDwPgQMz9ki5BdQtHvzm0/p8W88+tPGNB0EO7E4TyWtfJ0HyLU6wgVpf4LB9YPDeUxoR8JdB+QLCXNDPdFEuWPQRgm4MgngAyHwVn+NnFsBk1U/GNHabWeX0k+PsxNn5LJ6u4RQCDP0YDsGrQmIO6DIrUWidBZ00XMeaJXWrsgHb/6qINijvg3sk1y9P7kxEZyfarotDEjqLRjpyUBufRfiCVccQ5bF0MeOxxMN4ZFC7mX7xtaSQKcmv2sG1uJus9d7yyd3phQ4FluiI77UE5CVx3bkdRlEObRXB/DyCv+gfk3VfouIchF8xNpMU1jmaHN5+rB0/lbTMxVmEX8qYc6UdZXIIWRm2spB2YwnacBhC0Q36CnCwU1hcRo7YhcminiCPQy6+7OrOTLLXKAenRjNIuPYGAaZQl1MgPMBwFpPGAdbrJG/iWleNf5fN+dettOD18VT8jrmdQ0jRM5N9OjEMJqvwdYF
这是AWS响应标题:
content-length: 192
content-type: application/json
date: Fri, 13 Apr 2018 07:17:41 GMT
status: 403
x-amz-apigw-id: FRLvXEDeBcwFuLQ=
x-amzn-errortype: InvalidSignatureException
x-amzn-requestid: c0f040c3-3eea-11e8-bd7a-dd445896cd03
我花了好几个小时在这个&没有找到解决方案,如果我能提供任何其他信息以帮助排除故障,请告诉我。
这个API正在使用cognito作为API网关授权程序,我切换到IAM,以便我可以对cognito用户进行更细粒度的控制。