Nordalf opened a new issue, #466:
URL: https://github.com/apache/arrow-rs-object-store/issues/466
## Problem
Hey good folks,
When using Supabase's S3-compatible storage with session token
authentication (JWT), the `AmazonS3Builder` fails with "SignatureDoesNotMatch"
error: "The request signature we calculated does not match the signature you
provided. Check your credentials. The session token should be a valid JWT
token."
The same credentials work successfully with Supabase's generated
access_key/secret_key pairs. This is only an issue when you're adding the JWT
Session / user token into the mix.
Looking forward to the conversation on this topic!
## Reproduce
```rust
use object_store::aws::AmazonS3Builder;
let s3 = AmazonS3Builder::new()
.with_endpoint("https://project-ref.supabase.co/storage/v1/s3";)
.with_access_key_id("project_ref") // Supabase project
reference
.with_secret_access_key("supabase_anon_key") // Supabase anon/public
key
.with_token("eyJhbGciOiJIUzI1NiIsInR5cCI...") // Supabase JWT session
token
.build()?;
let result = s3.list(None).await; // Returns SignatureDoesNotMatch error
```
**Expected:** Operations should succeed as they do with AWS SDK for
JavaScript using identical credentials.
**Actual:** All operations fail with the error response indicating JWT
signature validation failure.
## Version Information
- **object_store version:** 0.12.2
- **Rust version:** rustc 1.88.0 (6b00bc388 2025-06-23)
- **Platform:** macOS 15.5
- **Supabase S3 endpoint:** S3-compatible storage (Public Alpha)
**Note:** The same JWT works successfully when used with
`@aws-sdk/client-s3` in JavaScript, suggesting the issue may be specific to
object_store's JWT handling in signature calculations. But I may be **very**
wrong here.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
