You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I tried to get the examples including @request-target in the documentation working, but the signature validation failed. I checked out the source and found out that instead signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nGET /requests HTTP/1.1"
it should be signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nget /requests"
What did you expect to happen?
It's explicitly stated in the docs here #https://docs.konghq.com/hub/kong-inc/hmac-auth/#signature-string-construction that @request-target should not include the HTTP version, but it's not consistent with the other example that I was using. Also the HTTP method is all upper case in the sample, just as I was reviewing the code I saw that the plugin will use it lower case for the signing string.
Another helpful note would be that the plugin creates the binary string representation for the hash. I was using openssl in ubuntu for my tests with curl and there the default is hex.
Code of Conduct and Community Expectations
I agree to follow this project's Code of Conduct
I agree to abide by the Community Expectations
The text was updated successfully, but these errors were encountered:
Where is the problem?
https://docs.konghq.com/hub/kong-inc/hmac-auth/
What happened?
I tried to get the examples including @request-target in the documentation working, but the signature validation failed. I checked out the source and found out that instead
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nGET /requests HTTP/1.1"it should be
signing_string="date: Thu, 22 Jun 2017 17:15:21 GMT\nget /requests"What did you expect to happen?
It's explicitly stated in the docs here #https://docs.konghq.com/hub/kong-inc/hmac-auth/#signature-string-construction that @request-target should not include the HTTP version, but it's not consistent with the other example that I was using. Also the HTTP method is all upper case in the sample, just as I was reviewing the code I saw that the plugin will use it lower case for the signing string.
Another helpful note would be that the plugin creates the binary string representation for the hash. I was using openssl in ubuntu for my tests with curl and there the default is hex.
Code of Conduct and Community Expectations
The text was updated successfully, but these errors were encountered: