Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HMAC Auth examples not working as described #7204

Open
2 tasks done
heckea opened this issue Apr 10, 2024 · 0 comments
Open
2 tasks done

HMAC Auth examples not working as described #7204

heckea opened this issue Apr 10, 2024 · 0 comments
Assignees
Labels

Comments

@heckea
Copy link

heckea commented Apr 10, 2024

Where is the problem?

https://docs.konghq.com/hub/kong-inc/hmac-auth/

What happened?

I tried to get the examples including @request-target in the documentation working, but the signature validation failed. I checked out the source and found out that instead
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nGET /requests HTTP/1.1"
it should be
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nget /requests"

What did you expect to happen?

It's explicitly stated in the docs here #https://docs.konghq.com/hub/kong-inc/hmac-auth/#signature-string-construction that @request-target should not include the HTTP version, but it's not consistent with the other example that I was using. Also the HTTP method is all upper case in the sample, just as I was reviewing the code I saw that the plugin will use it lower case for the signing string.
Another helpful note would be that the plugin creates the binary string representation for the hash. I was using openssl in ubuntu for my tests with curl and there the default is hex.

Code of Conduct and Community Expectations

  • I agree to follow this project's Code of Conduct
  • I agree to abide by the Community Expectations
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants