Comments (4)
Hi @Schwusch,
I'm also having the same issue as @littlekid440
When signing S3's PutObject operation via aws_s3_api, I'm getting:
AccessDenied
There were headers present in the request which were not signed
x-amz-security-token
It seems that S3 expects 'X-Amz-Security-Token' header to be signed in and here you are not signing it.
Do you have any ETA on when this will be addressed?
As a workaround, I'm doing the following and it is working fine:
final _s.RestXmlProtocol protocol = _s.RestXmlProtocol(
client: _client,
service: 's3',
region: _region,
credentials: AwsClientCredentials(
accessKey: credentials.accessKey,
secretKey: credentials.secretKey,
sessionToken: credentials.sessionToken),
endpointUrl: _domain,
);
final $result = await protocol.send(
method: 'PUT',
requestUri:
'/${Uri.encodeComponent(_bucketName)}/${Uri.encodeComponent(fileName)}',
headers: {'x-amz-security-token': credentials.sessionToken},
payload: body,
exceptionFnMap: _exceptionFns,
);
PutObjectOutput output =
PutObjectOutput.fromXml($result.body, headers: $result.headers);
Thanks.
from aws_client.
S3 seems to be a little bit special and is tracked in #238
from aws_client.
As mentioned in #238, I think I have a way forward with this.
The trick is to expose signAws4HmacSha256 and other signing functions in the shared_aws_api, and let the protocol class send method take an optional signing function as an argument. The function signature would be something like:
typedef RequestSigner = void Function({
required Request rq,
required ServiceMetadata service,
required String region,
required AwsClientCredentials credentials,
});
E.g. RestXmlProtocol.send() method signature would then be:
Future<RestXmlResponse> send({
required String method,
required String requestUri,
required Map<String, AwsExceptionFn> exceptionFnMap,
bool signed = true,
Map<String, List<String>>? queryParams,
Map<String, String>? headers,
dynamic payload,
String? resultWrapper,
RequestSigner? requestSigner, // take signer as an argument
}) async {}
Later, the signing could simply be:
if (requestSigner != null) {
requestSigner(
rq: rq,
service: _endpoint.service,
region: _endpoint.signingRegion,
credentials: credentials,
);
} else {
signAws4HmacSha256(
rq: rq,
service: _endpoint.service,
region: _endpoint.signingRegion,
credentials: credentials,
);
}
That way we only have to supply the send() method a signing function when it's not supposed to be V4 signing.
During service code generation, it's possible to then decide what signing function (if any!) the operation needs, and provide it.
from aws_client.
Would generating presigned URLs also fall into this work?
E.g. the generate_presigned_url
/generatePresignedUrl
methods in the Java/Python SDKs.
Edit: For reference it appears aws_signature_v4 has a Dart implementation of it in AWSSigV4Signer.presign().
from aws_client.
Related Issues (20)
- Please add Null Safety to document_client Plugin HOT 1
- document_client & aws_dynamodb_api both not working for android HOT 2
- There is no documentation or articles for How to integrate in Flutter also the import 'package:aws_rekognition_api/rekognition-2016-06-27.dart'; dosen't work HOT 1
- Refused to set unsafe header "Host" HOT 4
- Not have MeetingSession on aws chime HOT 1
- An example of streaming data to amazon Personalize [QUESTION] HOT 1
- Class 'QueueAttributeName' has no instance method 'toJson'. HOT 3
- Upgrade to xml ^6 HOT 4
- No mechanism to discern response status code HOT 1
- Unable to access S3 via IAM role HOT 5
- Incompatilibty with `amplify_flutter` HOT 1
- NoSuchMethodError: Class 'double' has no instance method 'toJson'
- MalformedInput Sender: timestamp must follow ISO8601 HOT 7
- How to use Amazon S3 to down file by presigned URL
- Exception: credentials for signing request is null
- Topic Subscribe
- aws_polly_api could really use an example
- pub.dev will rate limit the publishing of packages
- How to send data to aws HOT 1
- Investigate why the analysis of aws_client is stuck on pub.dev HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws_client.