After it took me two weeks to get a POST request running with the 'agnostic-aws-signature' package, I wanted to also make a GET request. Since then I have again spent two weeks debugging this one, getting the 403 message all day long.

I have tried probably all packages that are out there already with POST - with the result that just agnostic worked for me.

After trying a few days with that one on the GET request, I began to put together my own code for the signature creation, also because the error message is giving me the canonical request and string to sign which I could not review with the packages. Now those two match 100% from the error message to my code, still I am getting the same error message.

Now here is the full message:

"error": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.The Canonical String for this request should have been

GET
/dev-myapp-status/myappstatus
creation_time=1644990779295&myapp_id=f0dfb080-cea3-4111-828f-39c945e010a3
host:api.meetus.app
x-amz-content-sha256:
x-amz-date:20220315T100602Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

The String-to-Sign should have been

AWS4-HMAC-SHA256
20220315T100602Z
20220315/eu-central-1/execute-api/aws4_request
bc72522ed88d2e8e59a40f756e43cf97f08f01eebe3bbeee57e9ef876396ceb4

With my own implementation this looks 100% the same as what I have, because I can control it now. (Please spare me from posting the same lines again.)

Also I checked the Credentials probably more than is good for my mental health.. I can fetch new IAM creds and those are the ones that I use. (Which is why I later add the sec-token to the headers..)

In my view that means there must be something wrong with the code that comes afterwards. So I will only post this code here, I hope someone can help.

create ksign:

async function createSignatureKey(
  secretkey,
  authDate,
  regionName,
  serviceName,
) {
  let kDate = await hmac('AWS4' + secretkey, authDate, 'binary');

  let kRegion = await hmac(kDate, regionName, 'binary');

  let kService = await hmac(kRegion, serviceName, 'binary');

  let kSigning = await hmac(kService, 'aws4_request', 'binary');

  return kSigning;
}

create signature:

var hmacSignature = await hmac(kSigning, stringToSign, 'binary');
var signature = await toHex(hmacSignature);

and to hex:

async function toHex(str) {
  var result = '';
  for (var i = 0; i < str.length; i++) {
    result += str.charCodeAt(i).toString(16);
  }
  return result;
}

After this I only put together the headers, if I do something wrong there aws gives me a good and very specific answer what is wrong. So I think the issue really is the signature calculation outlined here.
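
Added example, not part of the original post: a Node.js version of the key derivation and signing steps shown above, with the post's unpadded hex loop beside a zero-padded one, to show where the two encodings diverge. The secret key and sample bytes are constructed placeholders, the string to sign is the one quoted in the error message, and the function names are this example's own.

```javascript
// Added example. Assumes Node.js and its built-in crypto module.
const { createHmac } = require('crypto');

// HMAC-SHA256 that returns raw bytes (a Buffer), never a decoded string.
function hmacSha256(key, data) {
  return createHmac('sha256', key).update(data, 'utf8').digest();
}

// SigV4 key chain, in the same order as createSignatureKey in the post.
function deriveSigningKey(secretKey, dateStamp, region, service) {
  const kDate = hmacSha256('AWS4' + secretKey, dateStamp);
  const kRegion = hmacSha256(kDate, region);
  const kService = hmacSha256(kRegion, service);
  return hmacSha256(kService, 'aws4_request');
}

// Same per-byte logic as toHex in the post: no zero padding, so any byte
// below 0x10 contributes one hex digit instead of two.
function toHexUnpadded(bytes) {
  let out = '';
  for (const b of bytes) out += b.toString(16);
  return out;
}

// Every byte becomes exactly two hex digits.
function toHexPadded(bytes) {
  let out = '';
  for (const b of bytes) out += b.toString(16).padStart(2, '0');
  return out;
}

// Final signature: 32 bytes encoded as 64 lowercase hex characters.
function sign(secretKey, dateStamp, region, service, stringToSign) {
  const key = deriveSigningKey(secretKey, dateStamp, region, service);
  return toHexPadded(hmacSha256(key, stringToSign));
}

// String to sign exactly as quoted in the 403 response above.
const STRING_TO_SIGN = [
  'AWS4-HMAC-SHA256',
  '20220315T100602Z',
  '20220315/eu-central-1/execute-api/aws4_request',
  'bc72522ed88d2e8e59a40f756e43cf97f08f01eebe3bbeee57e9ef876396ceb4',
].join('\n');

const SAMPLE_SECRET = 'EXAMPLE-SECRET-KEY';                       // constructed placeholder
const SAMPLE_BYTES = Uint8Array.from([0x0a, 0xff, 0x00, 0x10]);  // constructed bytes
```

A quick check against any implementation is the length of the final signature: a SigV4 signature is always 64 hex characters, so a shorter string means the encoder dropped leading zeros.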
