问题描述
我已在Amazon API Gateway上根据其官方文档创建了示例GET和POST API。我已经为这些API生成了JS SDK,我用它来从S3上托管的客户端JS文件中调用这些API。这完美无缺,没有任何授权类型。
I have created sample GET and POST APIs on Amazon API Gateway following their official documentation. I have generated JS SDK for these APIs, which I am using to call these APIs from a client-side JS file hosted on S3. This works flawlessly without any 'Authorization Type'.
现在,当我将GET方法的授权类型设置为IAM时,我需要传递IAM凭据为了它的工作。尽管通过了我的AWS账户的根凭证,但我在响应头中得到了这个:
Now, when I set 'Authorization Type' for GET method as 'IAM', I am required to pass IAM credentials in order for it to work. In spite of passing my AWS account's root credentials, I am getting this in the response headers:
x-amzn-ErrorType:InvalidSignatureException:http://internal.amazon.com/coral/com.amazon.coral.service/
最后它返回 403 错误代码。
我的问题是:是否有人成功尝试使用来自Amazon API Gateway的生成的javascript SDK和IAM认证?你能指出我可能出错的地方吗?
My question is: Has anyone successfully attempted to use generated javascript SDK from Amazon API Gateway with IAM authentication? Can you point where I might be going wrong?
谢谢。
推荐答案
我能够在AWS论坛上的几个人的帮助下解决这个问题。似乎API Gateway GET方法需要一个空体。默认情况下,如果您遵循生成的JS SDK附带的README示例,则将正文中的undefined或{}传递给GET会导致不匹配的有效负载,从而导致计算出错误的签名。
I was able to resolve this with the help of few folks on AWS Forum. It appears that the API Gateway GET method expects an empty body. By default, if you are following the README sample that comes with generated JS SDK, passing 'undefined' or just '{}' inside the body to GET causes a non-matching payload and this results in an incorrect signature being calculated.
截至目前,我只是通过硬编码 body =''$ c在/lib/apiGatewayCore/sigV4Client.js中进行了一些小调整$ C>。
As of now, I just made a small tweak in the /lib/apiGatewayCore/sigV4Client.js by hardcoding the body = ''
.
这应该是临时锻炼,因为这可能会影响您需要填充身体的其他API网关方法。就我而言,我只有GET方法。
This should be a temporary workout as this may affect your other API Gateway methods that require a filled 'body'. In my case, I only had GET methods.
这篇关于Amazon API Gateway IAM使用生成的JS SDK进行身份验证的示例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!