SignatureDoesNotMatch trying to access SB S3, using authenticated users session token

I'm trying to access SB S3 via an authenticaed users session token, using the approach outlined here: https://supabase.com/docs/guides/storage/s3/authentication#session-token

I've verified that I can upload to a specific bucket using a normal accesskey/secret - but I'd prefer to use the users own credentials (JWT) instead of embedding secrets into the browser side.

However; I am seeing a SignatureDoesNotMatch being thrown. In the logs:

        "stack": "Error: The request signature we calculated does not match the signature you provided, Check your credentials. The session token should be a valid JWT token\n    at Object.SignatureDoesNotMatch (/app/dist/internal/errors/codes.js:171:39)\n    at Object.<anonymous> (/app/dist/http/plugins/signature-v4.js:82:36)"
      }

        "stack": "Error: The request signature we calculated does not match the signature you provided, Check your credentials. The session token should be a valid JWT token\n    at Object.SignatureDoesNotMatch (/app/dist/internal/errors/codes.js:171:39)\n    at Object.<anonymous> (/app/dist/http/plugins/signature-v4.js:82:36)"
      }

So I believe I'm calling it OK. My S3 config setup is:

let credentials: {
            accessKeyId: string;
            secretAccessKey: string;
            sessionToken?: string;
        } = {
            accessKeyId: config.accessKeyId,
            secretAccessKey: config.secretAccessKey
        }
        if (config.accessKeyId === "vkfwaufurgmyfqrpmnoo") {
            credentials = {
                accessKeyId: "vkfwaufurgmyfqrpmnoo",
                secretAccessKey: 'anonKey',
                sessionToken: config.secretAccessKey
            }
            // console.log("Using secret access key: " + config.secretAccessKey);
        }
        this.s3Client = new S3Client({
            forcePathStyle: true,
            region: config.region,
            endpoint: config.endpoint,
            requestChecksumCalculation: "WHEN_REQUIRED", // to work around the S3 client trying to use the 'File' as a node based ReadableStream
            credentials: credentials,
        });

let credentials: {
            accessKeyId: string;
            secretAccessKey: string;
            sessionToken?: string;
        } = {
            accessKeyId: config.accessKeyId,
            secretAccessKey: config.secretAccessKey
        }
        if (config.accessKeyId === "vkfwaufurgmyfqrpmnoo") {
            credentials = {
                accessKeyId: "vkfwaufurgmyfqrpmnoo",
                secretAccessKey: 'anonKey',
                sessionToken: config.secretAccessKey
            }
            // console.log("Using secret access key: " + config.secretAccessKey);
        }
        this.s3Client = new S3Client({
            forcePathStyle: true,
            region: config.region,
            endpoint: config.endpoint,
            requestChecksumCalculation: "WHEN_REQUIRED", // to work around the S3 client trying to use the 'File' as a node based ReadableStream
            credentials: credentials,
        });

I am using the latest S3 library, in a vite/react project. Is there something I'm missing?

SignatureDoesNotMatch trying to access SB S3, using authenticated users session token

        "stack": "Error: The request signature we calculated does not match the signature you provided, Check your credentials. The session token should be a valid JWT token\n    at Object.SignatureDoesNotMatch (/app/dist/internal/errors/codes.js:171:39)\n    at Object.<anonymous> (/app/dist/http/plugins/signature-v4.js:82:36)"
      }

        "stack": "Error: The request signature we calculated does not match the signature you provided, Check your credentials. The session token should be a valid JWT token\n    at Object.SignatureDoesNotMatch (/app/dist/internal/errors/codes.js:171:39)\n    at Object.<anonymous> (/app/dist/http/plugins/signature-v4.js:82:36)"
      }

So I believe I'm calling it OK. My S3 config setup is:

let credentials: {
            accessKeyId: string;
            secretAccessKey: string;
            sessionToken?: string;
        } = {
            accessKeyId: config.accessKeyId,
            secretAccessKey: config.secretAccessKey
        }
        if (config.accessKeyId === "vkfwaufurgmyfqrpmnoo") {
            credentials = {
                accessKeyId: "vkfwaufurgmyfqrpmnoo",
                secretAccessKey: 'anonKey',
                sessionToken: config.secretAccessKey
            }
            // console.log("Using secret access key: " + config.secretAccessKey);
        }
        this.s3Client = new S3Client({
            forcePathStyle: true,
            region: config.region,
            endpoint: config.endpoint,
            requestChecksumCalculation: "WHEN_REQUIRED", // to work around the S3 client trying to use the 'File' as a node based ReadableStream
            credentials: credentials,
        });

let credentials: {
            accessKeyId: string;
            secretAccessKey: string;
            sessionToken?: string;
        } = {
            accessKeyId: config.accessKeyId,
            secretAccessKey: config.secretAccessKey
        }
        if (config.accessKeyId === "vkfwaufurgmyfqrpmnoo") {
            credentials = {
                accessKeyId: "vkfwaufurgmyfqrpmnoo",
                secretAccessKey: 'anonKey',
                sessionToken: config.secretAccessKey
            }
            // console.log("Using secret access key: " + config.secretAccessKey);
        }
        this.s3Client = new S3Client({
            forcePathStyle: true,
            region: config.region,
            endpoint: config.endpoint,
            requestChecksumCalculation: "WHEN_REQUIRED", // to work around the S3 client trying to use the 'File' as a node based ReadableStream
            credentials: credentials,
        });

I am using the latest S3 library, in a vite/react project. Is there something I'm missing?

SignatureDoesNotMatch trying to access SB S3, using authenticated users session token

SignatureDoesNotMatch trying to access SB S3, using authenticated users session token

Similar Threads

Similar Threads

Similar Threads