Google Cloud signed url “SignatureDoesNotMatch” when using PostMan but works fine with Python

4
votes

Hi I have generated a signed url to upload to google cloud bucket, but when I try to PUT, I get SignatureDoesNotMatch, weirdly only with PostMan. When I try same Url, queryParams, Headers in Python, I was able to upload fine.

Here is the request I tried in PostMan

url: https://storage.googleapis.com/****-171020.appspot.com/swift.txt?GoogleAccessId=storageadmin@****-171020.iam.gserviceaccount.com&Expires=1503755879&Signature=tlcHVRwbvMSxaIB6oO/TDXRDczXGFSE6ZXHmZbtCUMhjpos36/1KdKV7Lbmm7XtKsq42SFNksUIZLplyAMpkG8aMBuydeoJd+kvebLxK2k+AX8Xr2VVf5Aq/vVJrPGGYGD0iEN+bY264NIFbyJnlm0pthCVGtB5YqZJadCFDwPFWqi04312Jzzen1CXDY+saY0BabmXaZeCzINz7kV+aq0AJoS8taW0uqboYc1o4gCA6OPAswMr1E840a+II4HqkeOWcv7PiHEPdw/sgH3PR+TkGmjTAd9f8H6zJIFaT8DLbtsl7t3iAUM7Fvdtc9pGQt6KT0qUm9z3XfPEjP8OsTA==

Headers: Content-MD5:7Qdih1MuhjZehB6Sv8UNjA== Content-Type:text/plain

Here is Python program that works:

import requests

url = "https://storage.googleapis.com/****-171020.appspot.com/swift.txt"
querystring = {'GoogleAccessId':'storageadmin@****-171020.iam.gserviceaccount.com', 'Expires':'1503755879', 'Signature':'tlcHVRwbvMSxaIB6oO/TDXRDczXGFSE6ZXHmZbtCUMhjpos36/1KdKV7Lbmm7XtKsq42SFNksUIZLplyAMpkG8aMBuydeoJd+kvebLxK2k+AX8Xr2VVf5Aq/vVJrPGGYGD0iEN+bY264NIFbyJnlm0pthCVGtB5YqZJadCFDwPFWqi04312Jzzen1CXDY+saY0BabmXaZeCzINz7kV+aq0AJoS8taW0uqboYc1o4gCA6OPAswMr1E840a+II4HqkeOWcv7PiHEPdw/sgH3PR+TkGmjTAd9f8H6zJIFaT8DLbtsl7t3iAUM7Fvdtc9pGQt6KT0qUm9z3XfPEjP8OsTA=='}
payload = "Hello World!"
headers = {'Content-MD5': '7Qdih1MuhjZehB6Sv8UNjA==', 'Content-Type':'text/plain'}

response = requests.request("PUT", url, data=payload, headers=headers, params=querystring)

print(response.text)

Please help me understand what's happening here. Thanks!

1
pythongoogle-cloud-storagepostmanpre-signed-url
I believe your problem is how you've defined your headers in postman. Try replacing "key" and "value" with the actual keys and values. eg: {"Content-MD5": "7Qdih1MuhjZehB6Sv8UNjA=="} instead of {"key": "Content-MD5"...}AllenMoh
@AllenMoh That's just the way postman added to clipboard when I tried copying, edited to avoid confusion.Aster
how do you signing in python?bhavin jalodara

1 Answers

4
votes

The keys and values in a query string need to be uri encoded. The reason you're getting a "SignatureDoesNotMatch" is that on the receiving side they are uri decoding what your are providing, expecting that it is uri encoded, and since what you are providing is not encoded, the decoding yields a different signature.

See this link for reserved characters: https://tools.ietf.org/html/rfc2396#section-2

An online tool to help you encode your query string: http://www.url-encode-decode.com/

The reason your python code works, is that the requests library automatically uri encodes the query string parameters.