Description
Where is the problem?
https://docs.konghq.com/hub/kong-inc/hmac-auth/
What happened?
I tried to get the examples including @request-target in the documentation working, but the signature validation failed. I checked out the source and found out that instead of
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nGET /requests HTTP/1.1"
it should be
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nget /requests"
What did you expect to happen?
It's explicitly stated in the docs here https://docs.konghq.com/hub/kong-inc/hmac-auth/#signature-string-construction that @request-target should not include the HTTP version, but it's not consistent with the other example that I was using. Also, the HTTP method is all upper case in the sample; just as I was reviewing the code, I saw that the plugin will use it in lower case for the signing string.
Another helpful note would be that the plugin creates the binary string representation for the hash. I was using openssl on Ubuntu for my tests with curl, and there the default is hex.
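The two mismatches reported above (the form of the `@request-target` line, and hex versus binary digest output), as an added example that is not part of the original issue or of Kong's code. The secret is a constructed value, the helper names are hypothetical, and Base64 encoding of the raw digest for the signature value is an assumption of this sketch.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"      # constructed value, not from the issue
DATE = "Thu, 22 Jun 2017 17:15:21 GMT"   # date used in the issue's signing strings


def request_target(method: str, path: str) -> str:
    """@request-target as the issue reports it: lower-case method, path, no HTTP version."""
    return f"{method.lower()} {path}"


def signing_string(date: str, method: str, path: str) -> str:
    """Signing string for headers 'date @request-target'."""
    return f"date: {date}\n{request_target(method, path)}"


def sign(secret: bytes, text: str) -> str:
    """Base64 over the raw 32-byte HMAC-SHA256 digest (assumed signature encoding)."""
    raw = hmac.new(secret, text.encode(), hashlib.sha256).digest()
    return base64.b64encode(raw).decode()


def sign_hex_then_base64(secret: bytes, text: str) -> str:
    """The mismatch from the issue: Base64 over the 64-character hex text of the digest."""
    hexed = hmac.new(secret, text.encode(), hashlib.sha256).hexdigest()
    return base64.b64encode(hexed.encode()).decode()


def verify(secret: bytes, text: str, signature: str) -> bool:
    """Recompute over the expected signing string and compare in constant time."""
    return hmac.compare_digest(sign(secret, text), signature)


# What the verifier side signs, per the issue's reading of the source.
EXPECTED = signing_string(DATE, "GET", "/requests")
# The signing string from the documentation sample quoted in the issue.
DOC_SAMPLE = f"date: {DATE}\nGET /requests HTTP/1.1"

if __name__ == "__main__":
    print("matching string      :", verify(SECRET, EXPECTED, sign(SECRET, EXPECTED)))
    print("doc sample string    :", verify(SECRET, EXPECTED, sign(SECRET, DOC_SAMPLE)))
    print("hex digest, then b64 :", verify(SECRET, EXPECTED, sign_hex_then_base64(SECRET, EXPECTED)))
```

Both failure cases produce a well-formed signature value, so the only symptom on the client side is a rejected request; comparing the encoded length (44 characters for a raw SHA-256 digest, 88 for its hex text) is a quick way to tell the encoding problem from a signing-string problem.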