In the comments for build_canonical_query_string it is stated that the query string is used as raw value:
The raw query string values are preserved as-is (no decode/re-encode) because different clients use different encoding rules when signing.
This is creating issues when trying to integrate with Transmit 5.
Transmit is able to connect to a S3 bucket. But when trying to expand a directory, the request fails during validation. The root cause seems to be directly related to the validation process using the query string as-is.
In case of Transmit 5 request it is like this:
- uri:
/bucket-1?prefix=periods/&max-keys=1
- canonical query string used for validation
max-keys=1&prefix=periods/ (taken as-is from the uri)
- actual query string used for signing the request is encoded -
max-keys=1&prefix=periods%2F
I might've missed some key detail about the signing flow. But it seems that the approach of handling the query string as-is is not really S3-compatible.
My suggestion is to add query string decoding and re-encoding.
For context. I'm using the rustack_auth crate in custom implementation. The crate may not be meant for such use cases at all.
In the comments for
build_canonical_query_stringit is stated that the query string is used as raw value:This is creating issues when trying to integrate with Transmit 5.
Transmit is able to connect to a S3 bucket. But when trying to expand a directory, the request fails during validation. The root cause seems to be directly related to the validation process using the query string as-is.
In case of Transmit 5 request it is like this:
/bucket-1?prefix=periods/&max-keys=1max-keys=1&prefix=periods/(taken as-is from the uri)max-keys=1&prefix=periods%2FI might've missed some key detail about the signing flow. But it seems that the approach of handling the query string as-is is not really S3-compatible.
My suggestion is to add query string decoding and re-encoding.
For context. I'm using the
rustack_authcrate in custom implementation. The crate may not be meant for such use cases at all.