HMAC Auth examples not working as described #7204

Open
@heckea

Description

Where is the problem?

https://docs.konghq.com/hub/kong-inc/hmac-auth/

What happened?

I tried to get the examples including @request-target in the documentation working, but the signature validation failed. I checked out the source and found out that instead of
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nGET /requests HTTP/1.1"
it should be
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nget /requests"

What did you expect to happen?

It's explicitly stated in the docs here https://docs.konghq.com/hub/kong-inc/hmac-auth/#signature-string-construction that @request-target should not include the HTTP version, but it's not consistent with the other example that I was using. Also, the HTTP method is all upper case in the sample, but as I was reviewing the code I saw that the plugin uses it in lower case for the signing string.
Another helpful note would be that the plugin creates the binary string representation for the hash. I was using OpenSSL on Ubuntu for my tests with curl, and there the default is hex.

Code of Conduct and Community Expectations

  • I agree to follow this project's Code of Conduct
  • I agree to abide by the Community Expectations
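
Added example, not part of the original issue and not Kong's code: a Python sketch that builds the signing string in the form the reporter found (lower-case method, no HTTP version), signs it with HMAC-SHA256 over the raw digest bytes, and reports which of the mismatches described in the issue a failing client signature corresponds to. The secret, the function names and the base64 encoding of the signature are assumptions of this example.

```python
import base64
import hashlib
import hmac

def signing_string(headers, method, path_and_query):
    """Build the string to sign; `headers` is an ordered list of (name, value)."""
    lines = [f"{name}: {value}" for name, value in headers]
    # @request-target as reported in the issue: lower-case method, no HTTP version.
    lines.append(f"{method.lower()} {path_and_query}")
    return "\n".join(lines)

def sign(secret, text, hex_digest=False):
    """Base64 of the HMAC-SHA256 digest (base64 is an assumption of this example).
    hex_digest=True reproduces the mistake of encoding a hex dump of the digest
    (openssl's default output per the issue) instead of the raw bytes."""
    mac = hmac.new(secret, text.encode(), hashlib.sha256)
    raw = mac.hexdigest().encode() if hex_digest else mac.digest()
    return base64.b64encode(raw).decode()

def diagnose(secret, headers, method, path_and_query, client_signature):
    """Name the construction a client signature matches, or None if it matches none."""
    good = signing_string(headers, method, path_and_query)
    head = "\n".join(f"{name}: {value}" for name, value in headers)
    doc_sample = f"{head}\n{method.upper()} {path_and_query} HTTP/1.1"
    candidates = {
        "ok": sign(secret, good),
        "hex digest instead of binary": sign(secret, good, hex_digest=True),
        "upper-case method and HTTP version in signing string": sign(secret, doc_sample),
    }
    for label, expected in candidates.items():
        # Constant-time comparison, as a verifier should do.
        if hmac.compare_digest(expected.encode(), client_signature.encode()):
            return label
    return None

# Constructed sample input: date and path come from the issue, the secret is made up.
SECRET = b"example-secret"
HEADERS = [("date", "Thu, 22 Jun 2017 17:15:21 GMT")]

if __name__ == "__main__":
    text = signing_string(HEADERS, "GET", "/requests")
    print(repr(text))
    print(sign(SECRET, text))
    bad = sign(SECRET, text, hex_digest=True)
    print(diagnose(SECRET, HEADERS, "GET", "/requests", bad))
```

A raw SHA-256 digest encodes to 44 base64 characters, while an encoded hex dump is 88 characters long, so the signature length alone distinguishes the binary/hex mix-up.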
