SHA256 implementation missing from browser client

[zoellner]

Describe the bug
It looks like signature v4 isn't properly initialized with sha256 when using the browser client

TypeError: hashConstructor is not a constructor
    at Object.getPayloadHash ([...]/node_modules/@aws-sdk/signature-v4/build/getPayloadHash.js:21:26)
    at SignatureV4.signRequest ([...]/node_modules/@aws-sdk/signature-v4/build/SignatureV4.js:94:52)
    at SignatureV4.sign ([...]/node_modules/@aws-sdk/signature-v4/build/SignatureV4.js:76:25)

SDK version number
"@aws-sdk/client-cognito-identity-provider-browser": "0.1.0-preview.2"

Is the issue in the browser/Node.js?
Browser

Details of the browser/Node.js version
Chrome: 78.0.3904.108

To Reproduce (observed behavior)

const {
  CognitoIdentityProviderClient,
  ListUsersCommand
} = require('@aws-sdk/client-cognito-identity-provider-browser');
​
const credentials = {
  accessKeyId: 'ABC',
  sessionToken: 'ABCDE',
  secretAccessKey: '12345',
  identityId: 'us-east-1:abcde-1234-4444-9999-666666666666',
  authenticated: true
};
​
const UserPoolId = 'us-east-1_ABCDEF';
const region = 'us-east-1';
​
const cognitoIdentityProvider = new CognitoIdentityProviderClient({ credentials, region });
const cmd = new ListUsersCommand({ UserPoolId });
cognitoIdentityProvider.send(cmd).then((res) => {
  console.log('success', res);
}).catch((err) => {
  console.log('err', err, err.$metadata);
});

Expected behavior
Request is signed and sent.

Screenshots
n/a

Additional context
#36 mentions that sha256 would be hooked up already but that doesn't seem to be the case.

[zoellner]

I tried to just inject sha256 from @aws-crypto/sha256-browser into the new CognitoIdentityProviderClient call but that didn't seem to be enough. However if I inject a signer it does sign the requests as expected:

const {Sha256} = require("@aws-crypto/sha256-browser");
const {SignatureV4} = require("@aws-sdk/signature-v4");

​const signer = new SignatureV4({
  region,
  service: "cognito-idp",
  sha256: Sha256,
  credentials,
  uriEscapePath: true
});

const cognitoIdentityProvider = new CognitoIdentityProviderClient({ credentials, region, signer });

[stephankaag]

I ran into the same issue but in the nodejs client instead.

[stephankaag]

@zoellner I did some investigation and found the following fix for the node client, maybe the browser client fix is similar (I did not check)

It appears the order of configuration is wrong. The signer configuration is set before the sha256 is set. As a result, the signer has no sha256 set.

I fixed it by reversing the order of the keys signer and sha256 here: https://github.com/aws/aws-sdk-js-v3/blob/master/clients/node/client-cognito-identity-provider-node/CognitoIdentityProviderConfiguration.ts#L405

[srchase]

@zoellner and @stephankaag

Would you mind switching over to the alpha release of @aws-sdk/client-cognito-identity-provider instead?

The sha256 dependency for the browser should be working with that release.

[stephankaag]

@zoellner and @stephankaag

Would you mind switching over to the alpha release of @aws-sdk/client-cognito-identity-provider instead?

The sha256 dependency for the browser should be working with that release.

It seems to be fixed! :-)

[srchase]

@stephankaag thanks for confirming!

@zoellner I'll close this issue out since it's been resolved in @aws-sdk/client-cognito-identity-provider.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.