Error when running test-invoke-authorizer: tokenSignature

0

I am attempting to create a custom authorizer for IoT and am following this guide:
https://aws.amazon.com/blogs/security/how-to-use-your-own-identity-and-access-management-systems-to-control-access-to-aws-iot-resources/

When I attempt to test my authorizer with this command:
aws iot test-invoke-authorizer --authorizer-name <authorizer_name> --token allow --token-signature <token_signature>

I get the response:
An error occurred (InvalidRequestException) when calling the TestInvokeAuthorizer operation: 1 validation error detected: Value '<signature here>' at 'tokenSignature' failed to satisfy constraint: Member must satisfy regular expression pattern: [A-Za-z0-9_/]_={0,2}

I am testing it in Centos, and have created a bash script like this:
#!/bin/bash
sig=cat token.sign.b64
aws iot test-invoke-authorizer --authorizer-name MyAuthorizer --token allow --token-signature "$sig"

The token.sign.b64 is created as per the instructions in the guide.

How do I get it to authorize correctly?

tobyjo
asked 5 years ago463 views
1 Answer
0

I found the answer myself.

Running
od -c token.sign.b64
to view the actual byte contents of the file showed that it had \n chars in it which would have been generating the error.

So instead of just running base64 on the file I ran this to ensure that no \n got into the output file:
base64 token.sign | tr -d \n > token.sign.b64

tobyjo
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions