I'm struggling with some GQL queries to AppSync, where the server rejects the
request because of a signature mismatch. However, the only mismatch is the body
hash, which is calculated in aws-appsync-auth-link
(https://github.com/awslabs/aws-mobile-appsync-sdk-js/blob/fc173bfe3ce262b1dba422021fc57097c4926b7b/packages/aws-appsync-auth-link/src/signer/signer.ts#L87)
@AWSAmplify #cloudnative
It does not work for one specific mutation; other queries and mutations work
fine, so I wonder how the server side calculates the body hash...
Setup code for the Apollo client is here:
https://github.com/ausgaben/web/blob/2483bba552ab4f04f2402d0fbfb5687a950db306/src/Apollo/createClient.ts
I confirmed this by calculating the body checksum on the shell using
openssl dgst -binary -sha256 | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'
Which will calculate the correct checksum that the server expected.
I found the issue: my query included a variable definition that was not part of
the mutation, and on the server side this variable is removed when calculating
the body hash. So AppSync actually parses the request body and manipulates it
before calculating the hash.
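
The mismatch described in this thread, as an added example that is not code from the thread or from aws-appsync-auth-link: it computes the SigV4 payload hash (hex SHA-256 of the body) for a request as sent and for the same request without variables the operation never mentions. The sample request, the function names and the regex-based variable detection are assumptions made for illustration; the exact body AppSync hashes after its own parsing is not documented here.

```javascript
const crypto = require('crypto');

// SigV4 payload hash: lowercase hex SHA-256 over the exact request body bytes.
function payloadHash(body) {
  return crypto.createHash('sha256').update(body, 'utf8').digest('hex');
}

// Heuristic: treat every `$name` token in the operation text as a known variable.
// A real GraphQL parser would be stricter (this does not skip string literals).
function variablesInQuery(query) {
  const names = [...query.matchAll(/\$([A-Za-z_][A-Za-z0-9_]*)/g)].map(m => m[1]);
  return new Set(names);
}

// Keys in `variables` that the operation text never mentions.
function extraVariables(request) {
  const known = variablesInQuery(request.query);
  return Object.keys(request.variables || {}).filter(k => !known.has(k));
}

// Copy of the request with the unmentioned variables dropped.
function pruneRequest(request) {
  const extra = new Set(extraVariables(request));
  const kept = Object.entries(request.variables || {}).filter(([k]) => !extra.has(k));
  return { ...request, variables: Object.fromEntries(kept) };
}

// Hash the body as the client would sign it, and again after pruning.
function compare(request) {
  const sentHash = payloadHash(JSON.stringify(request));
  const prunedHash = payloadHash(JSON.stringify(pruneRequest(request)));
  return { extra: extraVariables(request), sentHash, prunedHash,
           differs: sentHash !== prunedHash };
}

// Constructed sample: `currencyCode` is passed but not declared by the mutation.
const sampleRequest = {
  operationName: 'createSpending',
  query: 'mutation createSpending($accountId: ID!, $amount: Int!) ' +
         '{ createSpending(accountId: $accountId, amount: $amount) { id } }',
  variables: { accountId: 'a1', amount: 100, currencyCode: 'EUR' },
};

console.log(compare(sampleRequest));
```

Running `extraVariables` on a request before signing it flags the kind of stray variable that caused the rejected signature here.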