django rest framework: redirect to amazon s3 fails when using token authentication

I'm using token authentication in DRF and for a certain API call, want to redirect to S3 (using a URL like https://my_bucket.s3.amazonaws.com/my/file/path/my_file.jpg?Signature=MY_AWS_SIGNATURE&AWSAccessKeyId=MY_AWS_ACCESS_KEY_ID). However, I get the following error from AWS:

<Error>
   <Code>InvalidArgument</Code>
   <Message>Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified</Message>
   <ArgumentName>Authorization</ArgumentName>
   <ArgumentValue>Token a3f61c10592272399099882eb178bd4b755af5bf</ArgumentValue>
   <RequestId>E4038228DD1E6330</RequestId>
   <HostId>9c2xX59cugrR0CHjxQJR8IBE4MXBbNMX+wX2JdPJEuerkAftc32rufotM7COKLIavakByuRUXOo=</HostId>
</Error>

After researching and trying a million ways to get rid of that header, I gave up and decided to try and override the header with an S3 value: AWS MY_AWS_SIGNATURE:MY_AWS_ACCESS_KEY_ID, after which I get a different error:

<Error>
   <Code>InvalidArgument</Code>
   <Message>Unsupported Authorization Type</Message>
   <ArgumentName>Authorization</ArgumentName>
   <ArgumentValue>Token a3f61c10592272399099882eb178bd4b755af5bf</ArgumentValue>
   <RequestId>94D5ADA28C6A5BFB</RequestId>
   <HostId>1YznL6UC3V0+nCvilsriHDAnP2/h3MoDlIJ/L+0V6w7nbHbf2bSxoQflujGmQ5PrUZpNiH7GywI=</HostId>
</Error>

As you can see, the end result is the same--even if I override the Authorization header in my response, it still keeps the original DRF token authentication value.

# relevant portion of my response construction
headers = {
   'Location': 'https://my_bucket.s3.amazonaws.com/my/file/path/my_file.jpg',
   'Authorization': 'AWS %s:%s' % (params['AWSAccessKeyId'], params['Signature'])
}
return Response(status = status.HTTP_302_FOUND, headers = headers)
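
Added example, not part of the original post or of DRF: S3 echoes the client's DRF token back in ArgumentValue, so the header arrived on the request that followed the 302, and a response header cannot replace it. The sketch below lists the auth mechanisms a request to S3 would carry and drops Authorization when a redirect leaves the original origin; the helper names, the API URL and the token value are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Query parameters S3 treats as request authentication (named in the error above).
PRESIGN_PARAMS = ("Signature", "X-Amz-Algorithm")
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def s3_auth_mechanisms(url, headers):
    """List every auth mechanism a request to S3 would carry."""
    query = parse_qs(urlsplit(url).query)
    found = [p + " query parameter" for p in PRESIGN_PARAMS if p in query]
    if any(name.lower() == "authorization" for name in headers):
        found.append("Authorization header")
    return found


def headers_for_redirect(request_url, location, headers):
    """Headers to send when following a redirect: drop the credential
    header if the target is a different origin from the original request."""
    target = urljoin(request_url, location)  # resolves a relative Location
    if origin(request_url) == origin(target):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "authorization"}


# Constructed sample values (placeholders, not real credentials).
API_URL = "https://api.example.test/files/42/"
S3_URL = ("https://my_bucket.s3.amazonaws.com/my/file/path/my_file.jpg"
          "?Signature=MY_AWS_SIGNATURE&AWSAccessKeyId=MY_AWS_ACCESS_KEY_ID")
CLIENT_HEADERS = {"Authorization": "Token PLACEHOLDER", "Accept": "image/jpeg"}

if __name__ == "__main__":
    # Forwarded unchanged, the request carries two mechanisms and S3 rejects it.
    print("forwarded as-is:", s3_auth_mechanisms(S3_URL, CLIENT_HEADERS))
    safe = headers_for_redirect(API_URL, S3_URL, CLIENT_HEADERS)
    print("after stripping:", s3_auth_mechanisms(S3_URL, safe), safe)
```

Besides avoiding the S3 error, stripping the header keeps the API token from being disclosed to a host that has no use for it.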

Suggestion : 3

What you should do is send the token in the body of a POST request like this:

Authorization: Token "your-token"

Or as a header in a GET request:

headers = {
   'Authorization': 'Token "your-token"'
}

Suggestion : 4

Last updated: 2021-12-06

DOC-EXAMPLE-BUCKET.s3.region.amazonaws.com
DOC-EXAMPLE-BUCKET.s3.amazonaws.com
DOC-EXAMPLE-BUCKET.s3-website-us-east-1.amazonaws.com
http://DOC-EXAMPLE-BUCKET.s3-website-us-east-1.amazonaws.com/index.html
aws s3 cp s3://DOC-EXAMPLE-BUCKET/index.html s3://DOC-EXAMPLE-BUCKET/index.html --storage-class STANDARD
{
   "Version": "2008-10-17",
   "Id": "PolicyForCloudFrontPrivateContent",
   "Statement": [{
         "Sid": "Allow-OAI-Access-To-Bucket",
         "Effect": "Allow",
         "Principal": {
            "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EAF5XXXXXXXXX"
         },
         "Action": "s3:GetObject",
         "Resource": [
            "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
         ]
      },
      {
         "Sid": "Allow-Public-Access-To-Bucket",
         "Effect": "Allow",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": [
            "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
         ]
      },
      {
         "Sid": "Access-to-specific-VPCE-only",
         "Effect": "Deny",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": [
            "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
         ],
         "Condition": {
            "StringNotEquals": {
               "aws:sourceVpce": "vpce-1a2b3c4d"
            }
         }
      }
   ]
}
aws s3api list-buckets --query Owner.ID

Suggestion : 5

Last updated 2022-06-17 UTC.

HTTP/1.1 400 Bad Request
{
   "ErrorCode": "invalid_request",
   "Error": "Invalid redirection uri http://www.invalid_example.com"
}

HTTP/1.1 400 Bad Request
{
   "ErrorCode": "invalid_request",
   "Error": "Redirection URI is required"
}

HTTP/1.1 401 Unauthorized
{
   "ErrorCode": "invalid_request",
   "Error": "Invalid client id : AVD7ztXReEYyjpLFkkPiZpLEjeF2aYAz. ClientId is Invalid"
}

HTTP/1.1 400 Bad Request
{
   "ErrorCode": "invalid_request",
   "Error": "The request is missing a required parameter : client_id"
}

HTTP/1.1 400 Bad Request
{
   "ErrorCode": "invalid_request",
   "Error": "Response type must be code"
}

HTTP/1.1 400 Bad Request
{
   "ErrorCode": "invalid_request",
   "Error": "The request is missing a required parameter : response_type"
}