Skip to content
This repository has been archived by the owner on Jun 26, 2020. It is now read-only.

v1.3.0 breaks URL signing #9

Open
tnolet opened this issue Oct 23, 2018 · 6 comments
Open

v1.3.0 breaks URL signing #9

tnolet opened this issue Oct 23, 2018 · 6 comments

Comments

@tnolet
Copy link

tnolet commented Oct 23, 2018
edited

Hi,

not complaining, but the v1.3.0 break backwards compatibility. My apps AWS IOT function that uses this package broke. Rolling back to version 1.1.0 fixed everything. My mistake to not pin the version, but still.
I don't really know why it broke, but I use your package in the following way:

const v4 = require('aws-signature-v4')
const crypto = require('crypto')

function getSignedUrl () {
  return v4.createPresignedURL(
      'GET',
      config.aws.iotEndpointHost.toLowerCase(),
      '/mqtt',
      'iotdevicegateway',
      crypto.createHash('sha256').update('', 'utf8').digest('hex'),
    {
      'key': config.aws.iotAccessKey,
      'secret': config.aws.iotSecretKey,
      'protocol': 'wss',
      'region': config.aws.iotAwsRegion
    }
    )
}

So I guess something changed in the createPresignedURL method
@slaskis
Copy link
Contributor

slaskis commented Oct 24, 2018

Oh no!

Sorry about that, I didn't think of it as a breaking change but I realize now that I changed so the payload argument is now hashed inside the library which may be the issue here (because of different behaviour between services).

Could you try just passing an empty string instead of the hash as the 5th argument?

I even had an integration test just like yours for this release ..

@delprofundo
Copy link
Contributor

Hey it's broken for me as well. I've just tried replacing what I made with that which published and its gone back to the way it was to start with. I am getting no token anymore. That switching in the IoT must be doing it. Anyway I'll use mine until its sorted.

@Pwntus
Copy link

Pwntus commented Nov 6, 2018
edited

I think this is breaking a lot of stuff. I'm coming from the NPM package aws-mqtt-client, which requires aws-signature-v4@1.3.0 and it is preventing me from authorizing an MQTT client. 😁

@viotti
Copy link

viotti commented Nov 8, 2018
edited

This release also broke https://github.com/kmamykin/aws-mqtt. Lost half a days work looking for bugs in my deployment util I finally landed here 😒. I had to lock version 1.2.1 in package.json.

@stanmarsh2
Copy link

Guys, try this lib: https://github.com/mhart/aws4
Very user-friendly, don't waste your time :)

@rajitha1998
Copy link

rajitha1998 commented Feb 12, 2020
edited

The solution for me was to use "aws-sdk": "^2.292.0" & "aws-signature-v4": "1.2.1" . To resolve the error in IoT

node version: 10.x in AWS lambda

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@slaskis @Pwntus @viotti @tnolet @delprofundo @stanmarsh2 @rajitha1998