All Products
Search

This Product

    Object Storage Service:0002-00000004

    Document Center

    Object Storage Service:0002-00000004

    Last Updated:Jul 21, 2023

    Problem description

    When you initiate a request to access OSS, the security token and temporary AccessKey pair that are used in the request for authentication are different from those returned by the AssumeRole operation.

    Causes

    When you initiate a request to access OSS, the security token and temporary AccessKey pair that are used in the request for authentication are incorrect.

    Examples

    • The AccessKey ID obtained from STS is used in the URL of the request to access OSS. However, the security token specified by the security-token parameter in the URL is inconsistent with the security token obtained from STS.

    • The AccessKey ID obtained from STS is used in the headers of the request to access OSS. However, the security token specified by the x-oss-security-token header is inconsistent with the security token obtained from STS.

    Solutions

    You can perform the following steps to initiate a request by using access credentials obtained from STS:

    1. Call the AssumeRole operation or use STS SDKs for various programming languages to obtain temporary access credentials.

      Temporary access credentials contain a security token and a temporary AccessKey pair that consists of an AccessKey ID and an AccessKey secret. For more information about how to obtain temporary access credentials, see Use temporary credentials provided by STS to access OSS.

    2. Use an SDK or call the RESTful API operation to initiate a request by using access credentials obtained from STS. Example:

    https://examplebucket.oss-cn-hangzhou.aliyuncs.com/oss-api.pdf?OSSAccessKeyId=STS.nz2pc56s936****&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv****&security-token=CAISowJ1q6Ft5B2yfSjIr5bgIOz31blR9oWmWBfCs3kDR/xm3Imc1zz2IHxMdHJsCeAcs/Q0lGFR5/sflqJIRoReREvCUcZr8szfWcsZos2T1fau5Jko1be0ewHKeQKZsebWZ+LmNpy/Ht6md1HDkAJq3LL+bk/Mdle5MJqP+/kFC9MMRVuAcCZhDtVbLRcYgq18D3bKMuu3ORPHm3fZCFES2jBxkmRi86+ysIP+phPVlw/90fRH5dazcJW0Zsx0OJo6Wcq+3+FqM6DQlTNM6hwNtoUO1fYUommb54nDXwQIvUjfbtC5qIM/cFVLAYEhALNBofTGkvl1h/fejYyfyWwWYbkFCHiPFNr9kJCUSbr4a4sjF6zyPnPWycyCLYXleLzhxPWd/2kagAGaXG69BqwYNvrKKI3W8weP3bNc1wQDMXQfiHpFCRG6lYhh3iXFtpwH90A3sTlxzRGvi8+9p63JwrluOHWs+Fj6S6s0cOhKvKRWYE8UuWeXIvv4l6DAGwHDE8BLjLC11f5prUJgI2wb+3hwuBod32Jx+us/1p996Glao725orcb****
    Important

    Make sure that the security token and temporary AccessKey pair that are used in the request for authentication are consistent with those returned by the AssumeRole operation.