Hi odelot, Great Work. I tried to get the example working. Un

Hi. I am facing same issue. <div class="snippet-clipboard-content notranslate

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

See <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

403 Forbidden about aws-mqtt-websockets HOT 10 CLOSED

odelot commented on July 19, 2024

403 Forbidden

from aws-mqtt-websockets.

Comments (10)

vitoralvimb commented on July 19, 2024 3

Healthineer, you doin't need to back to WebSockets 2.0.2 version.
You can do work with 2.0.5 doing few changes.

At the AWSWebSocketClient.cpp, keep this line of code without PORT, like this:

sprintf(canonicalHeaders, "%shost:%s\n", canonicalHeaders,awsDomain);

At the WebSocketsClient.cpp, change this part of code with the lines below:

    String transport;
    String handshake;
    if(!client->isSocketIO || (client->isSocketIO && client->cSessionId.length() > 0)) {
        if(client->isSocketIO) {
            transport = "&transport=websocket&sid=" + client->cSessionId;
        }
        handshake = "GET " + client->cUrl + transport + " HTTP/1.1\r\n"
                    //CHANGED
                    "Host: " + _host + "\r\n"
                    ///////////////////////////////
                    "Connection: Upgrade\r\n"
                    "Upgrade: websocket\r\n"
                    "Origin: file://\r\n"
                    "User-Agent: arduino-WebSocket-Client\r\n"
                    "Sec-WebSocket-Version: 13\r\n"
                    "Sec-WebSocket-Key: " + client->cKey + "\r\n";

        if(client->cProtocol.length() > 0) {
           handshake += "Sec-WebSocket-Protocol: " + client->cProtocol + "\r\n";

        }

        if(client->cExtensions.length() > 0) {
            handshake += "Sec-WebSocket-Extensions: " + client->cExtensions + "\r\n";
        }

    } else {
        handshake = "GET " + client->cUrl + "&transport=polling HTTP/1.1\r\n"
                    "Connection: keep-alive\r\n";
                  //MOVED from outside ELSE to here
                  handshake +=    "Host: " + _host + "\r\n"
                        "Origin: file://\r\n"
                        "User-Agent: arduino-WebSocket-Client\r\n";
                  /////////////////////////////////////////////////////
    }
    if(client->base64Authorization.length() > 0) {
        handshake += "Authorization: Basic " + client->base64Authorization + "\r\n";
    }

    if(client->plainAuthorization.length() > 0) {
        handshake += "Authorization: " + client->plainAuthorization + "\r\n";
    }

    handshake += "\r\n";

    client->tcp->write(handshake.c_str(), handshake.length());

    //ADDED a debug line just to see the Header we are sending                    
    DEBUG_WEBSOCKETS("[WS-Client][sendHeader] Header: \n%s\n", handshake.c_str());

#if (WEBSOCKETS_NETWORK_TYPE == NETWORK_ESP8266_ASYNC)
...
...

from aws-mqtt-websockets.

TopGunPk commented on July 19, 2024 1

Hi.
I am facing same issue.

connecting to wifi
state: 5 -> 0 (0)
rm 0
f r0, .....................scandone
.f r0, scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 1
cnt 

connected with Nayatel, channel 11
dhcp client start...
ip:192.168.100.60,mask:255.255.255.0,gw:192.168.100.1

connected
10295 - conn: 1 - (23520)
[WS-Client] connect wss...
please start sntp first !
[WS-Client] connected to ajqoxnudzweat.iot.us-east-1.amazonaws.com:443.
[WS-Client][sendHeader] sending header...
[WS-Client][sendHeader] sending header... Done (257277us).
[WS-Client][handleHeader] RX: HTTP/1.1 403 Forbidden
[WS-Client][handleHeader] RX: content-type: application/json
[WS-Client][handleHeader] RX: content-length: 241
[WS-Client][handleHeader] RX: date: Mon, 31 Oct 2016 12:37:09 GMT
[WS-Client][handleHeader] RX: x-amzn-RequestId: 2d1ca2d4-765a-7c06-8479-7cb8dd4f094e
[WS-Client][handleHeader] RX: connection: Keep-Alive
[WS-Client][handleHeader] RX: x-amzn-ErrorType: Forbi] client disconnected.
[AWSc] Disconnected!
[WS-Client] connect wss...
please start sntp first !

I tried to change the Canonical headers statement to not have the PORT number as well, still same issue.

Is this all due to AWS's change of headers OR is this a library issue ?

If so, could you please guide me how to get around this ?

Thank you.

from aws-mqtt-websockets.

GregorPonert commented on July 19, 2024

Maybe the problem is related to the SSL Certificate ? As far as I understood, the Websocket connection is SSL encrypted. However, I did not configure any Certificate for this SSL encryption and I did not find any hint how to configure the Certificate (e.g. with espconn_secure_ca_enable).

from aws-mqtt-websockets.

boraozgen commented on July 19, 2024

It might be a problem with the arduinoWebSockets dependency. Check out #9

from aws-mqtt-websockets.

rahu2581 commented on July 19, 2024

Also the host name should be lowercase.
A2BF8DY97CWJ2U.iot.us-west-2.amazonaws.com -> a2bf8dy97cwj2u.iot.us-west-2.amazonaws.com

Regarding the arduinoWebSockets:
A port was added to the Host header.
The same port needs to be added to the header before signing it.

sprintf(canonicalHeaders, "%shost:%s:443\n", canonicalHeaders,awsDomain);

Any difference in the header will render the signature invalid...

from aws-mqtt-websockets.

tejaswigowda commented on July 19, 2024

@rahu2581 can you elaborate on:

Regarding the arduinoWebSockets:
A port was added to the Host header.
The same port needs to be added to the header before signing it.

sprintf(canonicalHeaders, "%shost:%s:443\n", canonicalHeaders,awsDomain);
Any difference in the header will render the signature invalid...

My setup was working just fine. Am not sure why it stopped working once I used a different IAM user.

Appreciate all your help

from aws-mqtt-websockets.

rahu2581 commented on July 19, 2024

See #10.
In my case I got the 403 because the dependency arduinoWebSockets added a port number to their host header which is not included in the signed host header.

If you only have problems with another IAM user my guess would be the permissions of that user though.

from aws-mqtt-websockets.

healthineer commented on July 19, 2024

I also encountered the 403 Permission Problem with my esp8266 (2.3.0).
For me its only working with the 2.0.2 version of arduinoSockets [https://github.com/Links2004/arduinoWebSockets/releases/tag/2.0.2] without sending the port number in the header:
sprintf(canonicalHeaders, "%shost:%s\n", canonicalHeaders,awsDomain);
I tried also the versions 2.0.3, 2.0.4, 2.0.5 of arduinoWebsockets but didn't succeeded neither with nor without the port number in the header

from aws-mqtt-websockets.

odelot commented on July 19, 2024

@vitoralvimb @healthineer I've fixed the lib. Now you can use it with the WebSockets library (version 2.0.5) without modifying it

from aws-mqtt-websockets.

theElementZero commented on July 19, 2024

hey i am also having same problem, i couldnt understand the problem
i have removed PORT from websocketclient file, also AWS ID and key are correct but it doesnt work,

help please

[WS-Client] connected to apigateway.ap-northeast-1.amazonaws.com:443.
[WS-Client][sendHeader] sending header...
[WS-Client][sendHeader] handshake GET /mqtt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJVBP557SD6JXUL5Q%2F20171206%2Fap-northeast-1%2Fiotdevicegateway%2Faws4_request&X-Amz-Date=20171206T103355Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=e44e9da2511de46d4be39c5ebbde9420a4a475c23c29d8ba8b10652ef42b7f47 HTTP/1.1
Host: apigateway.ap-northeast-1.amazonaws.com
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: OEsEtSQzeE2v6C3qnYAuuA==
Sec-WebSocket-Protocol: mqtt
Origin: file://
User-Agent: arduino-WebSocket-Client

[write] n: 554 t: 1197781
[WS-Client][sendHeader] sending header... Done (355247us).
[WS-Client][handleHeader] RX: HTTP/1.1 403 Forbidden
[WS-Client][handleHeader] RX: Date: Wed, 06 Dec 2017 10:34:05 GMT
[WS-Client][handleHeader] RX: Content-Length: 141
[WS-Client][handleHeader] RX: Connection: keep-alive
[WS-Client][handleHeader] RX: x-amzn-RequestId: fc269ab1-da70-11e7-a95b-a316f2cf1c51
[WS-Client][handleHeader] RX: Access-Control-Allow-Origin: *
[WS-Client][handleHeader] RX: Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
[WS-Client][handleHeader] Header read fin.
[WS-Client][handleHeader] Client settings:
[WS-Client][handleHeader]  - cURL: /mqtt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJVBP557SD6JXUL5Q%2F20171206%2Fap-northeast-1%2Fiotdevicegateway%2Faws4_request&X-Amz-Date=20171206T103355Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=e44e9da2511de46d4be39c5ebbde9420a4a475c23c29d8ba8b10652ef42b7f47
[WS-Client][handleHeader]  - cKey: OEsEtSQzeE2v6C3qnYAuuA==
[WS-Client][handleHeader] Server header:
[WS-Client][handleHeader]  - cCode: 403
[WS-Client][handleHeader]  - cIsUpgrade: 0
[WS-Client][handleHeader]  - cIsWebsocket: 0
[WS-Client][handleHeader]  - cAccept: 
[WS-Client][handleHeader]  - cProtocol: mqtt
[WS-Client][handleHeader]  - cExtensions: 
[WS-Client][handleHeader]  - cVersion: 0
[WS-Client][handleHeader]  - cSessionId: 
[WS-Client][handleHeader] no Websocket connection close.
[write] n: 27 t: 1198243
[WS-Client] client disconnected.
[WS-Client] connect wss...

@vitoralvimb @odelot

from aws-mqtt-websockets.

403 Forbidden about aws-mqtt-websockets HOT 10 CLOSED

Comments (10)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent