Cannot get the username/password from an SNS Subscription URL

0

Hello,

For a subscription within an SNS topic, I use an endpoint that uses 'Basic Authentication'. The endpoint is like this: https://username:password@test.endpoint.nl

Unfortunately, no matter what I try, I cannot get the username and password when AWS sends a notification to the endpoint. I am using PHP/Laravel and I tried all $_SERVER variables to get the username and password, like $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION']. None of the variables gives a value when SNS topic sends a notification. And yes, when I test on my machine (so when I am not using SNS topic), I just can get the username and password from the endpoint by using the SERVER variables...

What am I doing wrong, so that I cannot get the username and password from the endpoint, when a notification is sent by SNS topic?

Hope someone can help. Thanks in advance.

已提问 2 年前347 查看次数
1 回答
0

Hello,

The body of the message sent by SNS will not contain the username and password. They can however, be accessed from the authorization token. Allow me to explain SNS message sending to a HTTP method with Basic Authentication.

This process involves two steps. One is for authentication and other is for the business logic. So SNS sends message to HTTPS URL where as the first step its checks the authentication. After the successful authentication, the message will be delivered to the the URL which is subscribed to the topic.

In order to have better understanding, let me provide an example. A HTTPS endpoint is created using API Gateway which has the backend integration configured with a Lambda function, and a Lambda function as a custom authorizer. Once the SNS topic publishes message to the API Gateway API’s https endpoint, which contains both the basic auth credentials (eg: https://admin:pass@domain.com), the Lambda authorizer will manage the authorisation. Only the notification body will be received by the backend Lambda integration.

In your case, you will need to check your endpoint’s authentication to retrieve the key value of the authorisation token which contains the username and password in base 64 encoded format after the word ‘Basic’ - you can decode it and use it for your use case. It will be in this format in Nodejs:

{ “authorizationToken": "Basic {{base 64 encoded username:password}}” }

For resource level troubleshooting, I would request you to raise a premium support case and a Support Engineer can look into the topic/subscription in question.

AWS
已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则