 

Authorization header requires 'Credential' parameter

We are using Identity Server4 with .NET Core and deploy the application as an AWS Serverless Lambda function. When we call the token endpoint to generate an access token, we get the following error message:

    {
      "message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic Y2xpZW50OnNlY3JldA=="
    }

Here is our ConfigureServices method in the Identity Server application:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IConfiguration>(Configuration);

        //connection string
        string connectionString = Configuration.GetConnectionString("IdentityServer");

        // Generates a new RSA key pair each time the process starts (the key is not persisted).
        var rsaProvider = new RSACryptoServiceProvider(2048);

        SecurityKey key = new RsaSecurityKey(rsaProvider);

        var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials
              (key, SecurityAlgorithms.RsaSha256Signature);

        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

        services.AddIdentityServer()
            .AddSigningCredential(credentials)
            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));
            })
            // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                    builder.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));

                // this enables automatic token cleanup. this is optional.
                options.EnableTokenCleanup = true;
                options.TokenCleanupInterval = 30;
            });

        // Add S3 to the ASP.NET Core dependency injection framework.
        services.AddAWSService<Amazon.S3.IAmazonS3>();
    }

Here is our client application that calls the identity server's token endpoint to generate a token:

    [HttpGet]
    public async Task<IActionResult> Get(string client, string secret)
    {
        IActionResult result = null;

        //discover endpoints from metadata
        //var disco = await DiscoveryClient.GetAsync("http://localhost:3000/");
        var disco = await DiscoveryClient.GetAsync("hide for security reasons/");

        if (disco.IsError)
        {
            result = NotFound(disco.Error);
            return result;
        }

        //request token
        var tokenClient = new TokenClient(disco.TokenEndpoint, client, secret);

        var tokenResponse = await tokenClient.RequestClientCredentialsAsync(scope: "sup");

        if (tokenResponse.IsError)
        {
            // return here so the error result is not overwritten by Ok(...) below
            result = NotFound(tokenResponse.Error);
            return result;
        }

        result = Ok(tokenResponse.Json);
        return result;
    }
Rakesh Kumar asked Feb 19 '18 10:02



1 Answer

Just in case someone else makes their way here, this happened to me because I had a typo in the path of my URL.

When I corrected my typo, everything worked for me.

Mini context: I was confused because I was using a Lambda authorizer for my API Gateway resource, and I didn't even see anything hitting the CloudWatch logs for that Lambda.

HeyWatchThis answered Sep 23 '22 12:09
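The error body in the question names the AWS Signature Version 4 fields (Credential, Signature, SignedHeaders) and then echoes the Basic header the client sent, which is base64 of `client_id:secret`. As an added example (not code from the question or the answer), this Python sketch recognises that response shape and redacts the echoed credential before the body is logged; the function name `triage` is hypothetical and the sample body is constructed from the message quoted above.

```python
import base64
import json
import re

# Constructed sample: the response body quoted in the question.
SAMPLE_BODY = json.dumps({"message": (
    "Authorization header requires 'Credential' parameter. "
    "Authorization header requires 'Signature' parameter. "
    "Authorization header requires 'SignedHeaders' parameter. "
    "Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. "
    "Authorization=Basic Y2xpZW50OnNlY3JldA=="
)})

SIGV4_PARTS = ("Credential", "Signature", "SignedHeaders")
# Matches the echoed header ("Authorization=<scheme> <value>"), not the prose before it.
ECHO = re.compile(r"Authorization=(\S+)\s+(\S+)")

def triage(body: str) -> dict:
    """Classify an error body and redact any credential echoed in it."""
    try:
        message = str(json.loads(body).get("message", ""))
    except (ValueError, AttributeError):
        message = ""
    missing = [p for p in SIGV4_PARTS if f"requires '{p}' parameter" in message]
    result = {
        # True when all three SigV4 fields are reported missing, i.e. the
        # header was parsed as SigV4 and the request never reached the token endpoint.
        "sigv4_parse_error": len(missing) == len(SIGV4_PARTS),
        "scheme": None, "client_id": None, "secret_echoed": False,
        "safe_message": message,
    }
    m = ECHO.search(message)
    if m:
        result["scheme"] = m.group(1)
        if m.group(1).lower() == "basic":
            try:
                decoded = base64.b64decode(m.group(2), validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                decoded = ""
            client_id, sep, secret = decoded.partition(":")
            result["client_id"] = client_id if sep else None
            result["secret_echoed"] = bool(sep and secret)  # the secret itself is never returned
        result["safe_message"] = ECHO.sub(r"Authorization=\1 [REDACTED]", message)
    return result
```

When `sigv4_parse_error` is true, check the request URL and path first, as the answer did; when `secret_echoed` is true, treat any log or ticket that holds the raw body as containing the client secret.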