Cannot get the username/password from an SNS Subscription URL

0

Hello,

For a subscription within an SNS topic, I use an endpoint that uses 'Basic Authentication'. The endpoint is like this: https://username:password@test.endpoint.nl

Unfortunately, no matter what I try, I cannot get the username and password when AWS sends a notification to the endpoint. I am using PHP/Laravel and I tried all $_SERVER variables to get the username and password, like $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION']. None of the variables gives a value when SNS topic sends a notification. And yes, when I test on my machine (so when I am not using SNS topic), I just can get the username and password from the endpoint by using the SERVER variables...

What am I doing wrong, so that I cannot get the username and password from the endpoint, when a notification is sent by SNS topic?

Hope someone can help. Thanks in advance.

1 Answer
0

Hello,

The body of the message sent by SNS will not contain the username and password. They can however, be accessed from the authorization token. Allow me to explain SNS message sending to a HTTP method with Basic Authentication.

This process involves two steps. One is for authentication and other is for the business logic. So SNS sends message to HTTPS URL where as the first step its checks the authentication. After the successful authentication, the message will be delivered to the the URL which is subscribed to the topic.

In order to have better understanding, let me provide an example. A HTTPS endpoint is created using API Gateway which has the backend integration configured with a Lambda function, and a Lambda function as a custom authorizer. Once the SNS topic publishes message to the API Gateway API’s https endpoint, which contains both the basic auth credentials (eg: https://admin:pass@domain.com), the Lambda authorizer will manage the authorisation. Only the notification body will be received by the backend Lambda integration.

In your case, you will need to check your endpoint’s authentication to retrieve the key value of the authorisation token which contains the username and password in base 64 encoded format after the word ‘Basic’ - you can decode it and use it for your use case. It will be in this format in Nodejs:

{ “authorizationToken": "Basic {{base 64 encoded username:password}}” }

For resource level troubleshooting, I would request you to raise a premium support case and a Support Engineer can look into the topic/subscription in question.

answered 15 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions