[jira] [Commented] (HTTPCLIENT-2160) Authorization header doesn't support comma separated values syntax

Fri, 21 May 2021 04:47:06 -0700 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17349167#comment-17349167
 ] 

Julian Reschke commented on HTTPCLIENT-2160:
--------------------------------------------

bq. your input seems to be invalid according to the RFC.

It is indeed; tokens can not contain "/". But that seems to be a problem of the 
auth scheme definition in 
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
 (feedback to Amazon sent)

> Authorization header doesn't support comma separated values syntax
> ------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2160
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2160
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.5.13
>            Reporter: Nicolas Lenoire
>            Priority: Major
>
> I'm trying to authenticate to an AWS service using an AWS specific 
> authorization type 
> ([https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html).]
> HTTP client splits the header into multiple authorization headers which cause 
> an HTTP 400 response from AWS service.
> Example:
> The request header
> {code:java}
> Authorization: AWS4-HMAC-SHA256 
> Credential=AKIAYYTXXF2ED3DDZKPB/20200723/us-east-1/rekognition/aws4_request, 
> SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target, 
> Signature=b7a5caaad97b8115c2a2c7d58227307fb6a010bdad79612b15488d6779e34788{code}
> HTTP client logs
> {code:java}
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> POST 
> / HTTP/1.1
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> 
> Authorization: AWS4-HMAC-SHA256 
> Credential=AKIAYYTXXF2ED3DDZKPB/20200723/us-east-1/rekognition/aws4_request
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> 
> Authorization: 
> SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target
> [UIThread [62374a04]] DEBUG org.apache.http.headers - http-outgoing-4 >> 
> Authorization: 
> Signature=b7a5caaad97b8115c2a2c7d58227307fb6a010bdad79612b15488d6779e34788{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to