SignatureDoesNotMatch
99 views
Skip to first unread message
Paul
Nov 17, 2010, 3:28:18 PM11/17/10
to SowaCS Consulting
Hi - I'm getting the following error when I use your AWS signing service:
The request signature we calculated does not match the signature you
provided. Check your AWS Secret Access Key and signing method. Consult the
service documentation for details.
The request signature we calculated does not match the signature you
provided. Check your AWS Secret Access Key and signing method. Consult the
service documentation for details.
The URL I'm using is for AWS SQS. It looks like this:
http://sowacs.appspot.com/AWS/queue.amazonaws.com/?AWSAccessKeyId=removed&Ac
tion=ListQueues&Version=2006-04-01
I have tried adding SignatureVersion=0 and SignatureVersion=1 (since I
didn't know which one you were using) but neither had any effect.
Thanks,
Paul
Paul
Nov 17, 2010, 4:12:46 PM11/17/10
to SowaCS Consulting
Hi - I'm getting the following error when I use your AWS signing service:
The provided security credentials are not valid. Reason: Signature version 0has been deprecated and is no longer allowed
The URL I'm using is for AWS SQS. It looks like this:
http://sowacs.appspot.com/AWS/queue.amazonaws.com/?AWSAccessKeyId=removed&Ac
tion=ListQueues
Are you using SignatureVersion 0? Is that the problem?
Thanks,
Paul
C Sowa
Nov 18, 2010, 2:02:06 AM11/18/10
to SowaCS Consulting
Paul:
I hadn't considered the possibility of using AWSQS for services other
than the Product Advertising API (PAA), other than to think of it as
"out of scope" at the time due to that immediate need. Now that you
mention it, though, it appears that there isn't much difference in the
signing requirements for the rest of AWS. However, as it stands,
AWSQS will always use a Timestamp parameter in the request, so it
won't work with Simple Queueing Service's (SQS) Expires parameter.
You can try using a future-dated Timestamp for that purpose; it works
that way with PAA.
To test this out, I signed up for SQS, and tried CreateQueue and
ListQueue actions. This works fine if you provide the SignatureMethod
and SignatureVersion parameters yourself, as follows:
sowacs.appspot.com/AWS/sqs.us-west-1.amazonaws.com/?
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX&Action=ListQueues&SignatureMethod=HmacSHA256&SignatureVersion=2
... using whatever SQS endpoint you need.
I'll take a look at what it would take to re-design things to cover
other AWS service requests. This won't happen in a hurry, though,
since I would also make other site updates. My initial sense is that
I would create one or more new GAE apps to help distribute the load,
if this can be justified under GAE terms.
Meanwhile, you may want to take a look at http://sowacs.org/AWSQSDownloads.aspx
, specifically the AWSQuerySigner_py.zip download. With a few minor
changes you could have your own personal GAE-based AWS signing service
working just the way you need.
Hope this helps. I'll post back here if/when any general AWS signing
progress occurs. I would probably start a new group for that after an
initial notice or two.
---Chris
On Nov 17, 12:12 pm, "Paul" <p...@general-books.net> wrote:
> Hi - I'm getting the following error when I use your AWS signing service:
> The provided security credentials are not valid. Reason: Signature version 0
> has been deprecated and is no longer allowed
>
> The URL I'm using is for AWS SQS. It looks like this:http://sowacs.appspot.com/AWS/queue.amazonaws.com/?AWSAccessKeyId=rem...
I hadn't considered the possibility of using AWSQS for services other
than the Product Advertising API (PAA), other than to think of it as
"out of scope" at the time due to that immediate need. Now that you
mention it, though, it appears that there isn't much difference in the
signing requirements for the rest of AWS. However, as it stands,
AWSQS will always use a Timestamp parameter in the request, so it
won't work with Simple Queueing Service's (SQS) Expires parameter.
You can try using a future-dated Timestamp for that purpose; it works
that way with PAA.
To test this out, I signed up for SQS, and tried CreateQueue and
ListQueue actions. This works fine if you provide the SignatureMethod
and SignatureVersion parameters yourself, as follows:
sowacs.appspot.com/AWS/sqs.us-west-1.amazonaws.com/?
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX&Action=ListQueues&SignatureMethod=HmacSHA256&SignatureVersion=2
... using whatever SQS endpoint you need.
I'll take a look at what it would take to re-design things to cover
other AWS service requests. This won't happen in a hurry, though,
since I would also make other site updates. My initial sense is that
I would create one or more new GAE apps to help distribute the load,
if this can be justified under GAE terms.
Meanwhile, you may want to take a look at http://sowacs.org/AWSQSDownloads.aspx
, specifically the AWSQuerySigner_py.zip download. With a few minor
changes you could have your own personal GAE-based AWS signing service
working just the way you need.
Hope this helps. I'll post back here if/when any general AWS signing
progress occurs. I would probably start a new group for that after an
initial notice or two.
---Chris
On Nov 17, 12:12 pm, "Paul" <p...@general-books.net> wrote:
> Hi - I'm getting the following error when I use your AWS signing service:
> The provided security credentials are not valid. Reason: Signature version 0
> has been deprecated and is no longer allowed
>
C Sowa
Nov 19, 2010, 3:55:05 AM11/19/10
to SowaCS Consulting
FYI, using an Expires parameter should work now. In that case, no
Timestamp will be added.
---Chris
On Nov 17, 10:02 pm, C Sowa <sow...@gmail.com> wrote:
> ...
Timestamp will be added.
---Chris
On Nov 17, 10:02 pm, C Sowa <sow...@gmail.com> wrote:
> ...
> signing requirements for the rest of AWS. However, as it stands,
> AWSQS will always use a Timestamp parameter in the request, so it
> won't work with Simple Queueing Service's (SQS) Expires parameter.
> ...
> AWSQS will always use a Timestamp parameter in the request, so it
> won't work with Simple Queueing Service's (SQS) Expires parameter.
Reply all
Reply to author
Forward
0 new messages