While calling my AWS API's using postman we are able to configure authorization as "Aws signature". Want to implement same with karate, really stuck on to this because the Authorization header is dynamically changing through postman internally, any help on this would be really great.Postman AWS
Related
I'm working in a demo where I need to consume a REST API that needs an access token. Currently I'm generating this token with Postman and using it parametrically but I need to make automatic. I already have everything I need but the service to generate this token.
If someone can help me, I would be very thankful.
I tried to generate the token with Postman and use it in a variable, it works, but I need to make ir automatic.
I'm writing some API tests using Katalon Studio which test an AWS API Gateway secured with AWS Cognito. If I provide the JWT in the authentication header, the tests passes as expected. I'm struggling to work out how I should be requesting the JWT based on supplied credentials as part of the test. Is there an easy way I'm missing?
I am trying to access an API by only using a Web address. The documentation says:
Is there any way this would be achievable through the use of only the Web address?
I don't need to know this, but I am just curious.
I am sorry if this question is very basic; I'm just learning how to use apis.
As the text explain, this API uses an HTTP Header named Authorization to receive a Bearer token. It's impossible to access it directly on browser, you will need to use curl for example to access it directly.
There are a few visual tools to allow you debugging some api that you will be able to do this request, like Postman and Insomnia.
Ok I do some reaserch and I try once more explain what I am looking for.
So my question is can I make OAuth provider server using Lambda and API gateway? I didn't found any solution like this, and I don't even know how to start so any ideas are valuable.And then I want to use API custom authentication to validade my bearer token.
I try to be specific as I can:
I have my application where I store my log users. I want to OAuth 2.0 authorization code grant flow using only Lambda and API Gateway (something like Google oAuth but my app want to be an authentication provider). I found couple solutions like this: https://www.authlete.com/documents/article/custom_authorizer/index but I want to use my own authorization server implementation, and I don't want to specific in Lambda auth impl. api_key and secret_key. So there are my questions:
1. Can I make my own authorization server using only Lambda and API
gateway? (I know there is a implementation in Spring but for now I
want serwerless solution)
2. If I can I will be pleased for any tips because I really stuck.
There is a possibility that in my reasoning are mistakes.
In API Gateway you can create custom authorizers to be invoked before the API method is executed. Normally you can create a Lambda function to receive the authentication details and return a Policyt Document authorizing or denying the API method execution.
You can create a Lambda to make the OAuth provider authentication and generate the Policy Document, based on authentication flow. You can get more information here.
I'm trying to pass a request with AWS API but I get this error
AWS was not able to validate the provided access credentials
My request is:
https://ec2.amazonaws.com/?Action=RunInstances&ImageId=ami-6df1e514&KeyName=key1&InstanceType=t2.micro&Placement.AvailabilityZone=us-west-2&AWSSecretAccessKey=**********************&AWSAccessKeyId=******************
My access credentials are right, there is no doubt about that.
I found that the problem could be caused by clock delay but My PC's clock is correct.
Could someone help me, I did not find a solution.
You never send your secret access key to AWS when making an API call. Instead, you sign your request with the access/secret keys (as described here). You can read more about signing here.
Ideally, use the JavaScript SDK rather than manually generating query requests.
You should also rotate the credentials that you were using because you have exposed the secret key.
Where did you find this way of authentication by passing access-key and secret-key as parameters?
AWS SDK like java-sdk or boto3 provide easy to use APIs to make such calls so I would recommend using them.
Also look at authentication mechanism required by AWS API calls:
http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html