HMAC Auth examples not working as described #7204
Assignees
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Where is the problem?
https://docs.konghq.com/hub/kong-inc/hmac-auth/
What happened?
I tried to get the examples including @request-target in the documentation working, but the signature validation failed. I checked out the source and found out that instead
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nGET /requests HTTP/1.1"it should be
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nget /requests"What did you expect to happen?
It's explicitly stated in the docs here #https://docs.konghq.com/hub/kong-inc/hmac-auth/#signature-string-construction that @request-target should not include the HTTP version, but it's not consistent with the other example that I was using. Also the HTTP method is all upper case in the sample, just as I was reviewing the code I saw that the plugin will use it lower case for the signing string.
Another helpful note would be that the plugin creates the binary string representation for the hash. I was using openssl in ubuntu for my tests with curl and there the default is hex.
Code of Conduct and Community Expectations
The text was updated successfully, but these errors were encountered: