amplify-js: API.get Sometimes gets 403.

Describe the bug Suddenly the response of API.get gets 403. (signature doesn’t match) After once I got 403, I keep getting 403 ever. It happens sometimes, I mean few times a day. I researched about this problem. I noticed header is different with success one and failed one.

difference

  • existing of host
  • actually Accept but in below example , these are same, because I specified clearly.

success one

{  
   'User-Agent':'aws-amplify/1.0.28 react-native',
   Accept:'application/json',
   host:'***MASK***',
   'x-amz-date':'20190701T022854Z',
   'X-Amz-Security-Token':'***MASK***',
   Authorization:'AWS4-HMAC-SHA256 Credential=***MASK***/20190701/us-east-1/execute-api/aws4_request, SignedHeaders=accept;host;user-agent;x-amz-date;x-amz-security-token, Signature=05bb4d19eae6fafbdf1e478a38010745cf0862c78fe962f672dc7e2bf5b03456'
}

failed one

{  
   Accept:'application/json',
   'User-Agent':'aws-amplify/1.0.28 react-native',
   'x-amz-date':'20190701T022729Z',
   'X-Amz-Security-Token':'***MASK***',
   Authorization:'AWS4-HMAC-SHA256 Credential=***MASK***/20190701/us-east-1/execute-api/aws4_request, SignedHeaders=accept;host;user-agent;x-amz-date;x-amz-security-token, Signature=c233e9ec17f1522006a2f3d29a28160b81ce184cee806a10f039f1c3f0dcee85'
}

To Reproduce Steps to reproduce the behavior:

  1. I call API like this.
    const path = `MASK`;
    const option = {
      headers: { Accept: 'application/json' }
    };
    const res = await API.get('MASK', path, option);
  1. Keep using app, but I don’t know when it is occurred.
  2. Suddenly a API.get failed.

Expected behavior I expect that same request generates same request header. And it works correctly.

Screenshots No screenshots.

Smartphone (please complete the following information):

  • Device: HUAWEI ANE-LX2J
  • OS: Android 9
  • Browser React Native
  • Version React Native 0.59.8

Additional context Nothing special.

Sample code

    const path = `MASK`;
    const option = {
      headers: { Accept: 'application/json' }
    };
    const res = await API.get('MASK', path, option);

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 4
  • Comments: 21 (1 by maintainers)

Most upvoted comments

@manueliglesias You were at some point looking into this issue, but nothing seems to have come out of that. I think it’s pretty clear now, that the main reason for this happening from all these reports, is clock drift and that should be possible to correct/fix in the library. Could you work on this?

+1
houmark on Feb 4, 2020

Folks I am facing exactly the same problem with React Native and AWS Cognito Developer Identities. The issue occurs randomly in some cases and is not consistently reproducible.

Authentication keeps failing until app is force terminated. I am seeing about 30% of the requests fail due to this issue. Seems like something gets cached in the SDK. The same is cleared by terminating the app and reinitializing the SDK. This is having a major customer impact.

Different responses for exactly the same request as below:

Successful request config from server success response "config": { "url": "https://*****", "method": "get", "data": null, "headers": { "Accept": "application/json, text/plain, */*", "User-Agent": "aws-amplify/1.0.28 react-native", "sessionToken": "****", "x-amz-date": "20190801T131618Z", "X-Amz-Security-Token": "*****", "Authorization": "AWS4-HMAC-SHA256 Credential=*****/20190801/ap-south-1/execute-api/aws4_request, SignedHeaders=host;sessiontoken;user-agent;x-amz-date;x-amz-security-token, Signature=*****" }, "transformRequest": [ null ], "transformResponse": [ null ], "timeout": 0, "responseType": "json", "xsrfCookieName": "XSRF-TOKEN", "xsrfHeaderName": "X-XSRF-TOKEN", "maxContentLength": -1 }

Amplify debug rest-client log for Successful Signer - POST /**** content-type:application/json; charset=UTF-8 host:****.execute-api.ap-south-1.amazonaws.com sessiontoken:***** user-agent:aws-amplify/1.0.28 react-native x-amz-date:20190801T131618Z x-amz-security-token:**** content-type;host;sessiontoken;user-agent;x-amz-date;x-amz-security-token ****

Failed request config from server error response caught in exception "config": { "url": "https://****", "method": "post", "data": "{}", "headers": { "Accept": "application/json, text/plain, */*", "Content-Type": "application/json; charset=UTF-8", "User-Agent": "aws-amplify/1.0.28 react-native", "sessionToken": "*****", "x-amz-date": "20190731T101110Z", "X-Amz-Security-Token": "******", "Authorization": "AWS4-HMAC-SHA256 Credential=******/20190731/ap-south-1/execute-api/aws4_request, SignedHeaders=content-type;host;sessiontoken;user-agent;x-amz-date;x-amz-security-token, Signature=****" },

Amplify debug rest-client log for Failed Signer - POST /***** content-type:application/json; charset=UTF-8 host:****.execute-api.ap-south-1.amazonaws.com sessiontoken:***** user-agent:aws-amplify/1.0.28 react-native x-amz-date:20190731T101131Z x-amz-security-token:**** content-type;host;sessiontoken;user-agent;x-amz-date;x-amz-security-token *****

@sekitaka were you able to fix it? I do see the accept header in the config in the response and it is not present in the Signer Amplify debug log. This applies to both successful and errored requests. Just make sure you are looking at the same data.

So the reason for failure is not clear.

+1
hrishimonthly on Aug 1, 2019
Read more comments on GitHub
← amplify-js: Angular - signedIn user is not persisted
amplify-js: Apple Signing Token is not from a supported provider of this identity pool. →