0002-00000204 - Object Storage Service - Alibaba Cloud Documentation Center

Issue description

The signature information in the Authorization request header is invalid.

Causes

You initiated a request that uses the V4 signature, but the format of the Authorization header is invalid.

Examples

You initiated a request that uses the V4 signature, but the format of the Authorization header is invalid.

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 CredentialAK**ID/20221220/us-east-1/oss/aliyun_v4_request,Signature=18**0a,UnknownKey=1
x-oss-content-sha256: UNSIGNED-PAYLOAD

The Authorization header separates the signature version and signature information with a space.

Signature version: Only OSS4-HMAC-SHA256 is supported.
Signature information: The signature information is displayed in the form of key-value pairs. Separate key-value pairs with commas (,), and connect keys and values with equal signs (=).
The key of the signature information includes two required fields (Credential and Signature) and one optional field (AdditionalHeaders). The preceding example contains an invalid key-value pair (UnknownKey=1).

Solutions

Make sure that the format of the Authorization header in the request that uses the V4 signature meets the preceding requirements. Example:

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=host,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

References

For information about how to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.
Calculate the signature:
- For information about how to calculate the V4 signature, see Calculate V4 signature by using OSS SDK for Python.
- For information about how to specify the signature logic based on the V1 signature, see Overview.
If the server returns a response that contains the StringToSign parameter, you must check whether the value of the StringToSign parameter on the server is the same as the string before calculation.