API Gateway Websocket sigv4 authentication

0

Hi

I'm currently getting my head around the new Websocket feature of API Gateway and went through the following blog post to get started: https://aws.amazon.com/blogs/compute/announcing-websocket-apis-in-amazon-api-gateway/

However, authentication is not used in this example and I need to see how that would work. In the post wscat is used as the websocket client and I don't believe there is a way to use that to call sigv4 APIs (unless I'm wrong?)

Does anyone have working code (any language would do: Python, Java, NodeJS etc.) that would connect to a Websocket that needs sigv4 auth?

1 Answer
1
Accepted Answer

It is possible; I connected to WSS endpoints using Sigv4 in two distinct ways: using headers and querystring.

Example of wscat command using headers:

wscat -H "Sec-WebSocket-Version:13" \
-H "Sec-WebSocket-Key:d6Bb3S0ZIibBDRfF460/Hw==" \
-H "Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits" \
-H "Date:20211011T205720Z" \
-H "Authorization:AWS4-HMAC-SHA256 Credential=AKIAS123456789012345/20211011/us-east-1/managedblockchain/aws4_request, SignedHeaders=date;host, Signature=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
-c wss://nd-aaaaaaaaaaaaaaaaaaaaaaaaaa.wss.ethereum.managedblockchain.us-east-1.amazonaws.com

Example of wscat command using querystring:

wscat --connect "wss://nd-aaaaaaaaaaaaaaaaaaaaaaaaaa.wss.ethereum.managedblockchain.us-east-1.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS123456789012345%2F20211018%2Fus-east-1%2Fmanagedblockchain%2Faws4_request&X-Amz-Date=20211018T151804Z&X-Amz-Expires=30&X-Amz-SignedHeaders=host&X-Amz-Signature=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

Important: the implementations of WebSocket in web browsers do not accept headers, so you must go with the query string version.

Code used to output a wscat command with Header auth:

Refer to these very useful examples here: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

AWS
EXPERT
answered 3 years ago
EXPERT
reviewed 4 months ago
