[jira] [Commented] (HTTPCLIENT-2160) Authorization header doesn't support comma separated values syntax

Thu, 20 May 2021 07:54:04 -0700 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17348577#comment-17348577
 ] 

Nicolas Lenoire commented on HTTPCLIENT-2160:
---------------------------------------------

[~olegk], I know that HttpClient doesn't support AWS4-HMAC-SHA256 
authentication type. That's the point of this issue.

However, note that if commas are removed from the header value, then AWS 
authentication works. Hence it would be nice if HttpClient can support this 
kind of authentication scheme with commas, as documented by AWS.

> Authorization header doesn't support comma separated values syntax
> ------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2160
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2160
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.5.13
>            Reporter: Nicolas Lenoire
>            Priority: Major
>
> I'm trying to authenticate to an AWS service using an AWS specific 
> authorization type 
> ([https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html).]
> HTTP client splits the header into multiple authorization headers which cause 
> an HTTP 400 response from AWS service.
> Example:
> The request header
> {code:java}
> Authorization: AWS4-HMAC-SHA256 
> Credential=AKIAYYTXXF2ED3DDZKPB/20200723/us-east-1/rekognition/aws4_request, 
> SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target, 
> Signature=b7a5caaad97b8115c2a2c7d58227307fb6a010bdad79612b15488d6779e34788{code}
> HTTP client logs
> {code:java}
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> POST 
> / HTTP/1.1
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> 
> Authorization: AWS4-HMAC-SHA256 
> Credential=AKIAYYTXXF2ED3DDZKPB/20200723/us-east-1/rekognition/aws4_request
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> 
> Authorization: 
> SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> 
> Authorization: 
> Signature=b7a5caaad97b8115c2a2c7d58227307fb6a010bdad79612b15488d6779e34788{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to