Skip to content

feat(core): resolve auth schemes based on the preference list #1571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Apr 28, 2025
Merged

feat(core): resolve auth schemes based on the preference list #1571

merged 8 commits into from
Apr 28, 2025

Conversation

trivikr
Copy link
Contributor

@trivikr trivikr commented Apr 24, 2025
edited
Loading

Issue #, if available:
Internal JS-5811

Description of changes:
Resolves auth schemes based on the preference list

Testing is done by installing @aws-sdk/client-s3 and @smithy/core, and validating signature

$ yarn add ../aws-sdk-js-v3/clients/client-s3/aws-sdk-client-s3-3.796.0.tgz
$ yarn add ../smithy-typescript/packages/core/smithy-core-3.2.0.tgz
$ cp -R node_modules/@smithy/core/* node_modules/@aws-sdk/client-s3/node_modules/@smithy/core

Test code

import { S3 } from "@aws-sdk/client-s3";
import "@aws-sdk/signature-v4-crt";

const interceptorMiddleware = (next, context) => (args) => {
  // middleware intercept the request and return it early
  const request = args.request;
  return Promise.resolve({
    output: {
      $metadata: { attempts: 0, httpStatusCode: 200 },
      request,
      context,
    },
    response: {},
  });
};

const OutpostId = "op-01234567890123456";
const AccountId = "123456789012";
const region = "us-west-2";
const clientRegion = "us-east-1";
const credentials = { accessKeyId: "key", secretAccessKey: "secret" };

const client = new S3({
  region: clientRegion,
  credentials,
  useArnRegion: true,
  authSchemePreference: ["sigv4"],
});

client.middlewareStack.add(interceptorMiddleware, {
  step: "finalizeRequest",
  priority: "low",
});

const result = await client.putObject({
  Bucket: `arn:aws:s3-outposts:${region}:${AccountId}:outpost/${OutpostId}/accesspoint/abc-111`,
  Key: "key",
  Body: "body",
});

const headers = result.request.headers;
const authorizationHeader =
  headers["authorization"] || headers["Authorization"];

// Prints "AWS4-ECDSA-P256-SHA256" when authSchemePreference starts with "sigv4a", or is not set.
// Prints "AWS4-HMAC-SHA256" when authSchemePreference is set to "sigv4".
console.log(authorizationHeader.split(" ")[0]);

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@trivikr trivikr changed the title Resolve auth schemes based on the preference list feat(core): resolve auth schemes based on the preference list Apr 24, 2025
@trivikr

This comment was marked as outdated.

Sign in to view
@trivikr trivikr marked this pull request as ready for review April 25, 2025 07:03
@trivikr trivikr requested a review from a team as a code owner April 25, 2025 07:03
@trivikr trivikr merged commit 5896264 into main Apr 28, 2025
10 checks passed
@trivikr trivikr mentioned this pull request Apr 28, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kuhe kuhe kuhe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trivikr @kuhe