Workload Identity Federation AWS SignatureDoesNotMatch error from Windows EC2 instance #844
Description
Customer using workload identity federation in an EC2 Windows instance is getting the following error on token exchange:
Error Message:
raise exceptions.OAuthError(error_details, response_body)
google.auth.exceptions.OAuthError: ('Error code invalid_grant: Received invalid AWS
response of type SignatureDoesNotMatch with error message: The request signature we
calculated does not match the signature you provided. Check your AWS Secret Access
Key and signing method. Consult the service documentation for details.',
'{"error":"invalid_grant","error_description":"Received invalid AWS response of type
SignatureDoesNotMatch with error message: The request signature we calculated does
not match the signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details."}')
Issue is here:
google-auth-library-python/google/auth/aws.py
Line 121 in 93482c6
For Windows OS:
PS C:\Users\Administrator> python
Python 3.9.6 (tags/v3.9.6:db3ff76, Jun 28 2021, 15:26:21) [MSC v.1929 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import os
>>> os.path.normpath("/")
'\\'
For Linux OS:
[ec2-user@ip-*** ~]$ python3
Python 3.7.10 (default, Jun 3 2021, 00:02:01)
[GCC 7.3.1 20180712 (Red Hat 7.3.1-13)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.path.normpath('/')
'/'
Environment details
- OS: AWS Windows EC2 instance
- Python version: All supported
- pip version: N/A
google-authversion: All versions that support workload identity federation