Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement AWS Signer #523

Closed
MohammedNoureldin opened this issue Apr 17, 2021 · 5 comments
Closed

Implement AWS Signer #523

MohammedNoureldin opened this issue Apr 17, 2021 · 5 comments
Assignees
@dnys1
Labels
feature-request A request for a new feature or an enhancement to an existing API or category.

Comments

@MohammedNoureldin
Copy link

MohammedNoureldin commented Apr 17, 2021
edited
Loading

Apparently, in Amplify-JS it is possible to use the following code to sign a URL to be able to connect to a WebSocket endpoint secured by IAM:

.
.
  const credentials = await Auth.currentCredentials()

  const accessInfo = {
    access_key: credentials.accessKeyId,
    secret_key: credentials.secretAccessKey,
    session_token: credentials.sessionToken,
  }

  const wssUrl = "wss://YOUR-API-ID.execute-api.REGION.amazonaws.com/dev"

  const signedUrl = Signer.signUrl(wssUrl, accessInfo)

  wsClient = new W3CWebSocket(signedUrl)
.
.

However, this Signer class is not available in Flutter/Dart? This is a big issue, because by this I am not able anymore to continue coding to connect my application to my secured WebSocket endpoint.

Will this class be available any soon? Or do we have any alternative with code example please for the time being?
@hackrx
Copy link

hackrx commented Nov 29, 2021

Hey! @MohammedNoureldin, did you figure out a fix for this issue?

@MohammedNoureldin
Copy link
Author

Hey @hackrx!

I had to implement it by myself. You can use this library I created:

https://github.com/MohammedNoureldin/aws_url_signer

@hackrx
Copy link

hackrx commented Dec 1, 2021

Thanks, @MohammedNoureldin, if possible, can you please update the readme, for the how-to call guide? I can see it requires

{String apiId,
    String region,
    String stage,
    String accessKey,
    String secretKey,
    String sessionToken}

parameters in. signing function,
Don't you think it is a bad practice to hardcode access_key & secret_key in the frontend application?

@MohammedNoureldin
Copy link
Author

@hackrx please check this MohammedNoureldin/aws_url_signer#1 (comment), there is actually not too much to be said.

The keys are not stored in the app, they are being fetched using Cognito (shown in the link above), so the user is logged in using username and password, then Cognito returns temporary keys.

@Jordan-Nelson Jordan-Nelson added the feature-request A request for a new feature or an enhancement to an existing API or category. label Mar 8, 2022
@Jordan-Nelson Jordan-Nelson changed the title How to sign a URL to connect to WebSocket endpoint secured by IAM? Implement AWS Signer Mar 8, 2022
@dnys1 dnys1 mentioned this issue Mar 12, 2022
Merged
@dnys1 dnys1 mentioned this issue Apr 29, 2022
Closed
@dnys1
Copy link
Contributor

dnys1 commented May 22, 2022

This has been released as the aws_signature_v4 package with support for Web and VM platforms!

@dnys1 dnys1 closed this as completed May 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dnys1 dnys1

Labels
feature-request A request for a new feature or an enhancement to an existing API or category.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@MohammedNoureldin @Jordan-Nelson @dnys1 @hackrx