AWS API Gateway endpoint authenticated File Upload POST Request Signature Mismatch












0















Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.



The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."



Note: The file upload POST request works fine without IAM authorization enabled.



Here is a snippet of Angular signed request code:



onSubmit() {

// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';

// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();

// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0]) {

const file = uf.files[0];

// check file extension to verify .htm/.html
if (this.checkFileType(file.name)) {

const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);

// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);

// set request headers
const req_options = {
headers: headers

};

this.http.post(dataUrl, formData, req_options).subscribe(
response => {
this.response_message = 'The following file ' + file.name + ' was published successfully.';

// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';

// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;

},
error => {

this._err = <Error>error.json();

// re-enable submit after error response
this.disableSubmit = false;
}
);

} else {
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
}
} else {
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
}

public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders {

// declare variables
let headers: HttpHeaders = new HttpHeaders();


// set aws config parameter
const config: Config = {
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
};

// create aws-sign-web object
const signer = new AwsSigner(config);

// declare aws-sign-web request object
const request = {
method: method,
url: dataURL,
body: formData
};

// sign aws request
const signed = signer.sign(request);

console.log(signed);

// loop through signed request objects and map to Headers list object
for (const attribute in signed) {
if (signed[attribute]) {
headers = headers.append(attribute, signed[attribute]);
}
}

return headers;

}


Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.










share|improve this question























  • Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.

    – sysarch-gator
    Jan 15 at 12:54
















0















Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.



The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."



Note: The file upload POST request works fine without IAM authorization enabled.



Here is a snippet of Angular signed request code:



onSubmit() {

// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';

// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();

// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0]) {

const file = uf.files[0];

// check file extension to verify .htm/.html
if (this.checkFileType(file.name)) {

const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);

// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);

// set request headers
const req_options = {
headers: headers

};

this.http.post(dataUrl, formData, req_options).subscribe(
response => {
this.response_message = 'The following file ' + file.name + ' was published successfully.';

// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';

// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;

},
error => {

this._err = <Error>error.json();

// re-enable submit after error response
this.disableSubmit = false;
}
);

} else {
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
}
} else {
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
}

public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders {

// declare variables
let headers: HttpHeaders = new HttpHeaders();


// set aws config parameter
const config: Config = {
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
};

// create aws-sign-web object
const signer = new AwsSigner(config);

// declare aws-sign-web request object
const request = {
method: method,
url: dataURL,
body: formData
};

// sign aws request
const signed = signer.sign(request);

console.log(signed);

// loop through signed request objects and map to Headers list object
for (const attribute in signed) {
if (signed[attribute]) {
headers = headers.append(attribute, signed[attribute]);
}
}

return headers;

}


Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.










share|improve this question























  • Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.

    – sysarch-gator
    Jan 15 at 12:54














0












0








0








Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.



The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."



Note: The file upload POST request works fine without IAM authorization enabled.



Here is a snippet of Angular signed request code:



onSubmit() {

// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';

// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();

// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0]) {

const file = uf.files[0];

// check file extension to verify .htm/.html
if (this.checkFileType(file.name)) {

const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);

// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);

// set request headers
const req_options = {
headers: headers

};

this.http.post(dataUrl, formData, req_options).subscribe(
response => {
this.response_message = 'The following file ' + file.name + ' was published successfully.';

// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';

// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;

},
error => {

this._err = <Error>error.json();

// re-enable submit after error response
this.disableSubmit = false;
}
);

} else {
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
}
} else {
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
}

public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders {

// declare variables
let headers: HttpHeaders = new HttpHeaders();


// set aws config parameter
const config: Config = {
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
};

// create aws-sign-web object
const signer = new AwsSigner(config);

// declare aws-sign-web request object
const request = {
method: method,
url: dataURL,
body: formData
};

// sign aws request
const signed = signer.sign(request);

console.log(signed);

// loop through signed request objects and map to Headers list object
for (const attribute in signed) {
if (signed[attribute]) {
headers = headers.append(attribute, signed[attribute]);
}
}

return headers;

}


Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.










share|improve this question














Currently working on a client Angular 6 front-end application that is consuming an AWS API Gateway endpoint that has IAM authorization enabled to upload a file with associated metadata to ultimately reside in an S3 bucket.



The app javascript is using a FormData object to encapsulate the file object and metadata and executing an HTTP POST request via Angular HttpClient API and aws-sign-web for SigV4 request header signing. I am currently experiencing an issue when making the POST request call to AWS API Gateway that notes the signed request does not match and receiving the following error message from AWS; "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method."



Note: The file upload POST request works fine without IAM authorization enabled.



Here is a snippet of Angular signed request code:



onSubmit() {

// clear response messages to hide as necessary
this.response_message = '';
this._err.message = '';
const dataUrl: string = this.baseUrl + '/api/UploadDB/Post';

// disable submit button
this.disableSubmit = true;
this.sort_id = this.getSortID();
const currentFile: string = this.buildFileName();

// append file and parameters to form
const uf = this.upload_file.nativeElement;
if (uf.files && uf.files[0]) {

const file = uf.files[0];

// check file extension to verify .htm/.html
if (this.checkFileType(file.name)) {

const formData: FormData = new FormData();
formData.append('file', file, currentFile);
formData.append('sortid', this.sort_id);

// set HTTP headers from aws-sign-web utility
const headers = this.AWSService.CreateAWSSignedPostRequest(dataUrl, 'POST', formData, this._AuthCredentials.AccessKeyId,
this._AuthCredentials.SecretAccessKey, this._AuthCredentials.SessionToken);

// set request headers
const req_options = {
headers: headers

};

this.http.post(dataUrl, formData, req_options).subscribe(
response => {
this.response_message = 'The following file ' + file.name + ' was published successfully.';

// clear form
this.uploadForm.reset();
this.upload_file.nativeElement.value = '';

// reset the file browser select label
this.upload_file_label = this.upload_file_default_label_msg;

},
error => {

this._err = <Error>error.json();

// re-enable submit after error response
this.disableSubmit = false;
}
);

} else {
// invalid file type return error message
// tslint:disable-next-line:max-line-length
this._err.message = 'errmessage;
this.disableSubmit = false;
}
} else {
// there was a problem with the selected file prior to upload
this._err.message = 'errmessage';
this.disableSubmit = false;
}

public CreateAWSSignedPostRequest(dataURL: string, method: string, formData:
any, accessKeyID: string,
secretAccessKey: string, sessionToken: string): HttpHeaders {

// declare variables
let headers: HttpHeaders = new HttpHeaders();


// set aws config parameter
const config: Config = {
region: environment.region,
service: 'execute-api',
accessKeyId: accessKeyID,
secretAccessKey: secretAccessKey,
sessionToken: sessionToken
};

// create aws-sign-web object
const signer = new AwsSigner(config);

// declare aws-sign-web request object
const request = {
method: method,
url: dataURL,
body: formData
};

// sign aws request
const signed = signer.sign(request);

console.log(signed);

// loop through signed request objects and map to Headers list object
for (const attribute in signed) {
if (signed[attribute]) {
headers = headers.append(attribute, signed[attribute]);
}
}

return headers;

}


Any assistance is appreciated in resolving this signed request mismatch for sending HTTP POST requests to API Gateway with file multipart/form-data.







angular typescript amazon-web-services authorization aws-api-gateway






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 14 '18 at 17:08









sysarch-gatorsysarch-gator

11




11













  • Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.

    – sysarch-gator
    Jan 15 at 12:54



















  • Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.

    – sysarch-gator
    Jan 15 at 12:54

















Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.

– sysarch-gator
Jan 15 at 12:54





Following up on this initial thread in the event it helps anyone. I had to re-write this function to serialize the file upload content into a string to allow the signed request to match what the API Gateway endpoint was expecting. As an alternative file uploads via code direct to S3 may be a better option to avoid issues with API Gateway entirely.

– sysarch-gator
Jan 15 at 12:54












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53305435%2faws-api-gateway-endpoint-authenticated-file-upload-post-request-signature-mismat%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53305435%2faws-api-gateway-endpoint-authenticated-file-upload-post-request-signature-mismat%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Florida Star v. B. J. F.

Danny Elfman

Retrieve a Users Dashboard in Tumblr with R and TumblR. Oauth Issues