AWS API Gateway endpoint authenticated File Upload POST Request Signature Mismatch
Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.
The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."
Note: The file upload POST request works fine without IAM authorization enabled.
Here is a snippet of Angular signed request code:
onSubmit() {
// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';
// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();
// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0])
const file = uf.files[0];
// check file extension to verify .htm/.html
if (this.checkFileType(file.name))
const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);
// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);
// set request headers
const req_options =
headers: headers
;
this.http.post(dataUrl, formData, req_options).subscribe(
response =>
this.response_message = 'The following file ' + file.name + ' was published successfully.';
// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';
// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;
,
error =>
this._err = <Error>error.json();
// re-enable submit after error response
this.disableSubmit = false;
);
else
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
else
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders
// declare variables
let headers: HttpHeaders = new HttpHeaders();
// set aws config parameter
const config: Config =
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
;
// create aws-sign-web object
const signer = new AwsSigner(config);
// declare aws-sign-web request object
const request =
method: method,
url: dataURL,
body: formData
;
// sign aws request
const signed = signer.sign(request);
console.log(signed);
// loop through signed request objects and map to Headers list object
for (const attribute in signed)
if (signed[attribute])
headers = headers.append(attribute, signed[attribute]);
return headers;
Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.
angular typescript amazon-web-services authorization aws-api-gateway
add a comment |
Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.
The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."
Note: The file upload POST request works fine without IAM authorization enabled.
Here is a snippet of Angular signed request code:
onSubmit() {
// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';
// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();
// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0])
const file = uf.files[0];
// check file extension to verify .htm/.html
if (this.checkFileType(file.name))
const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);
// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);
// set request headers
const req_options =
headers: headers
;
this.http.post(dataUrl, formData, req_options).subscribe(
response =>
this.response_message = 'The following file ' + file.name + ' was published successfully.';
// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';
// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;
,
error =>
this._err = <Error>error.json();
// re-enable submit after error response
this.disableSubmit = false;
);
else
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
else
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders
// declare variables
let headers: HttpHeaders = new HttpHeaders();
// set aws config parameter
const config: Config =
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
;
// create aws-sign-web object
const signer = new AwsSigner(config);
// declare aws-sign-web request object
const request =
method: method,
url: dataURL,
body: formData
;
// sign aws request
const signed = signer.sign(request);
console.log(signed);
// loop through signed request objects and map to Headers list object
for (const attribute in signed)
if (signed[attribute])
headers = headers.append(attribute, signed[attribute]);
return headers;
Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.
angular typescript amazon-web-services authorization aws-api-gateway
Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.
– sysarch-gator
Jan 15 at 12:54
add a comment |
Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.
The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."
Note: The file upload POST request works fine without IAM authorization enabled.
Here is a snippet of Angular signed request code:
onSubmit() {
// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';
// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();
// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0])
const file = uf.files[0];
// check file extension to verify .htm/.html
if (this.checkFileType(file.name))
const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);
// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);
// set request headers
const req_options =
headers: headers
;
this.http.post(dataUrl, formData, req_options).subscribe(
response =>
this.response_message = 'The following file ' + file.name + ' was published successfully.';
// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';
// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;
,
error =>
this._err = <Error>error.json();
// re-enable submit after error response
this.disableSubmit = false;
);
else
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
else
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders
// declare variables
let headers: HttpHeaders = new HttpHeaders();
// set aws config parameter
const config: Config =
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
;
// create aws-sign-web object
const signer = new AwsSigner(config);
// declare aws-sign-web request object
const request =
method: method,
url: dataURL,
body: formData
;
// sign aws request
const signed = signer.sign(request);
console.log(signed);
// loop through signed request objects and map to Headers list object
for (const attribute in signed)
if (signed[attribute])
headers = headers.append(attribute, signed[attribute]);
return headers;
Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.
angular typescript amazon-web-services authorization aws-api-gateway
Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.
The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."
Note: The file upload POST request works fine without IAM authorization enabled.
Here is a snippet of Angular signed request code:
onSubmit() {
// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';
// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();
// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0])
const file = uf.files[0];
// check file extension to verify .htm/.html
if (this.checkFileType(file.name))
const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);
// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);
// set request headers
const req_options =
headers: headers
;
this.http.post(dataUrl, formData, req_options).subscribe(
response =>
this.response_message = 'The following file ' + file.name + ' was published successfully.';
// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';
// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;
,
error =>
this._err = <Error>error.json();
// re-enable submit after error response
this.disableSubmit = false;
);
else
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
else
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders
// declare variables
let headers: HttpHeaders = new HttpHeaders();
// set aws config parameter
const config: Config =
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
;
// create aws-sign-web object
const signer = new AwsSigner(config);
// declare aws-sign-web request object
const request =
method: method,
url: dataURL,
body: formData
;
// sign aws request
const signed = signer.sign(request);
console.log(signed);
// loop through signed request objects and map to Headers list object
for (const attribute in signed)
if (signed[attribute])
headers = headers.append(attribute, signed[attribute]);
return headers;
Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.
angular typescript amazon-web-services authorization aws-api-gateway
angular typescript amazon-web-services authorization aws-api-gateway
asked Nov 14 '18 at 17:08
sysarch-gatorsysarch-gator
11
11
Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.
– sysarch-gator
Jan 15 at 12:54
add a comment |
Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.
– sysarch-gator
Jan 15 at 12:54
Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.
– sysarch-gator
Jan 15 at 12:54
Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.
– sysarch-gator
Jan 15 at 12:54
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53305435%2faws-api-gateway-endpoint-authenticated-file-upload-post-request-signature-mismat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53305435%2faws-api-gateway-endpoint-authenticated-file-upload-post-request-signature-mismat%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.
– sysarch-gator
Jan 15 at 12:54