Authorization header requires 'Credential' parameter

Question

We are using Identity Server4 with .NET Core and deploy the application as AWS Serverless lambda function. When are calling the token endpoint to generated access token we got the following error message:

{
"message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic Y2xpZW50OnNlY3JldA=="

}

Here is our ConfigurationServices method in Identity Server application:

 public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IConfiguration>(Configuration);

        //connection string
        string connectionString = Configuration.GetConnectionString("IdentityServer");

        var rsaProvider = new RSACryptoServiceProvider(2048);

        SecurityKey key = new RsaSecurityKey(rsaProvider);

        var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials
              (key, SecurityAlgorithms.RsaSha256Signature);


        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

        services.AddIdentityServer()
           .AddSigningCredential(credentials)
            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                builder.UseSqlServer(connectionString,
                sql => sql.MigrationsAssembly(migrationsAssembly));
            }) // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                builder.UseSqlServer(connectionString,
            sql => sql.MigrationsAssembly(migrationsAssembly));

                // this enables automatic token cleanup. this is optional.
                 options.EnableTokenCleanup = true;
                 options.TokenCleanupInterval = 30;
            });

        // Add S3 to the ASP.NET Core dependency injection framework.
        services.AddAWSService<Amazon.S3.IAmazonS3>();
    }

Here is our client application that calling identity server's token endpoint to generate token:

[HttpGet]
    public async Task<IActionResult> Get(string client, string secret)
    {

        IActionResult result = null;

        //discover endpoints from metadata

        //var disco = await DiscoveryClient.GetAsync("http://localhost:3000/");

        var disco = await DiscoveryClient.GetAsync("hide for security reasons/");

        if (disco.IsError)
        {
            result = NotFound(disco.Error);

            return result;
        }
        //request token

        var tokenClient = new TokenClient(disco.TokenEndpoint, client, secret);

        var tokenResponse = await tokenClient.RequestClientCredentialsAsync(scope: "sup");

        if (tokenResponse.IsError)
        {
            result = NotFound(tokenResponse.Error);
        }

        result = Ok(tokenResponse.Json);

        return result;
    }

Answer 1

In my case, I forgot to configure authentication in the API Gateway. I updated my API using the Amplify CLI, but it overrode some configurations, such as authentication. After configuring authentication in the API Gateway, it worked well.

Answer 2

I recently encountered this same issue! I had configured a Lambda function and connected it to a route (resource) in the API Gateway. However, since my request had a header parameter called "Authorization", I ran into problems ("Authorization header requires 'Credential' parameter") when I tried to hit the route generated by the API Gateway (api.gateway.UrlExample.com/stage/endpoint).

Here's how I solved it: In the AWS console, within the API Gateway's resource screen:

• Select the resource that's causing the problem.
• Go to the "Integration Request" tab.
• Click on Edit.
• Enable the checkbox for "Lambda Proxy Integration", and you're all set!

Wait for a couple of minutes and try making the request again!

Answer 3

If you are using postman to hit an API Gateway endpoint. you might get this error in postman. it will occur specially when you try to pass id token or access token.

so to fix this you need to sign your request using AWS-Amplify.

Answer 4

In my case, i figured out that the URL path is case sensitive in AWS API Gateway.

Hope this answer helps someone stuck in this problem, like me.

Answer 5

The issue I was having was pasting the URL included newline character or some other invisible character mismatch

Answer 6

I encountered this error while trying to curl an endpoint(*):

curl -XGET -u user:password <host-url>

The problem was that I passed wrong credentials.

---

(*) Side note: I tried to search my Elasticsearch cluster hosted on AWS.

Answer 7

Just in case someone else makes their way here, this happened to me because I had a typo in the path of my URL.

When I corrected my typo, everything worked for me.

Mini context: I was confused because I was using a Lambda authorizer for my API Gateway resource, and I didn't even see anything hitting the Cloudwatch logs for that Lambda.