Authorization header potentially not parsed right


This question refers to Docker image localstack/localstack:1.3.0.

I’m performing a request with an Authorization header like AWS4-HMAC-SHA256 Credential=<cred>,SignedHeaders=<sign_head>,Signature=<sign>.

This request is getting rejected by “missing parameter SignedHeaders”.

If I change the request to AWS4-HMAC-SHA256 Credential=<cred>, SignedHeaders=<sign_head>, Signature=<sign> (notice the spaces after the commas) it gets correctly parsed, and I get a proper response.

Since I’m using a library to access to the server (next to which I’ve also asked for help in understanding the issue) this is not simply a question of “adding the space and we’re done with it”. :smile:

For reference, AWS’s Authenticating Requests (AWS Signature Version 4): Using an Authorization Header: Overview documentation isn’t exactly detailed on how the header is formed, in terms of spaces, but the CLI seems to use a space after the comma.

Do you think that that specific parsing element could be adjusted to not care about the space? Is there any other alternative to move forward?

Thank you.

I’ve tried with 1.3.1 and the issue is still present. I wouldn’t mind pull requesting to fix it, if it’s acceptable that that extra space might or might not exist (as AWS seems to indicate) - in that case we’d probably also have to create a few extra tests to make sure there’s no regression.

Hi @paulo-f-oliveira, thanks for posting this. This seems like a bug, could you please file this on our GitHub issue tracker? It would be helpful to be as detailed as possible since you mentioned using a library. Alternatively you can also try submitting a fix yourself, LocalStack engineers will be happy to walk you through merging it.