vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/s3api/en-us_topic_0125560431.html
Jawei, Li 1a4c1a720a OBS s3api 2.0.38.SP5 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Jawei, Li <lijiawei5@huawei.com>
Co-committed-by: Jawei, Li <lijiawei5@huawei.com>
2022-11-16 14:51:13 +00:00

57 lines
4.8 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0125560431"></a><a name="EN-US_TOPIC_0125560431"></a>
<h1 class="topictitle1">V2 Temporarily Authorized Request</h1>
<div id="body397519"><p id="EN-US_TOPIC_0125560431__p155681645285">Requests for temporarily authorized operations are authenticated using the query-string parameters instead of the <strong id="EN-US_TOPIC_0125560431__b7569184112819">authorization</strong> header.</p>
<p id="EN-US_TOPIC_0125560431__p55691848289">In OBS, a registered and activated user can use its account to create a URL that contains authentication information. In addition, any user that obtains the URL can perform the operation specified by the URL.</p>
<p id="EN-US_TOPIC_0125560431__p1956914162820">For example, during temporarily authorized Get Object request, a specific URL is created and any user obtaining this URL can get the specified object before the expired time.</p>
<pre class="screen" id="EN-US_TOPIC_0125560431__screen40069933141825">GET /ObjectKey?AWSAccessKeyId=AccessKeyID&amp;Expires=ExpiresValue&amp;Signature=signature HTTP/ 1.1
Host: bucketname.obs.example.com</pre>
<p id="EN-US_TOPIC_0125560431__p66582052">The required authentication elements are specified as query string parameters detailed in <a href="#EN-US_TOPIC_0125560431__table38455150">Table 1</a>.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0125560431__table38455150"></a><a name="table38455150"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0125560431__table38455150" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Request parameters</caption><tbody><tr id="EN-US_TOPIC_0125560431__row39330387"><td class="cellrowborder" valign="top" width="23.18%"><p id="EN-US_TOPIC_0125560431__p31644779">Parameter</p>
</td>
<td class="cellrowborder" valign="top" width="56.830000000000005%"><p id="EN-US_TOPIC_0125560431__p13090320">Description</p>
</td>
<td class="cellrowborder" valign="top" width="19.99%"><p id="EN-US_TOPIC_0125560431__p53682985">Remarks</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560431__row13384821"><td class="cellrowborder" valign="top" width="23.18%"><p id="EN-US_TOPIC_0125560431__p10428696">AWSAccessKeyId</p>
</td>
<td class="cellrowborder" valign="top" width="56.830000000000005%"><p id="EN-US_TOPIC_0125560431__p39418019">Indicates the AK of the permission grantor.</p>
<p id="EN-US_TOPIC_0125560431__p19217855">Type: String</p>
</td>
<td class="cellrowborder" valign="top" width="19.99%"><p id="EN-US_TOPIC_0125560431__p13142459">Mandatory</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560431__row51173267"><td class="cellrowborder" valign="top" width="23.18%"><p id="EN-US_TOPIC_0125560431__p51393992">Expires</p>
</td>
<td class="cellrowborder" valign="top" width="56.830000000000005%"><p id="EN-US_TOPIC_0125560431__p2163846">Indicates the time (expressed in seconds) when the temporarily authorized URL expires. The time must be in Coordinated Universal Time (UTC) format and later than 00:00:00 on January 1, 1970.</p>
<p id="EN-US_TOPIC_0125560431__p19474615">Type: String</p>
</td>
<td class="cellrowborder" valign="top" width="19.99%"><p id="EN-US_TOPIC_0125560431__p33939988">Mandatory</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0125560431__row37024442"><td class="cellrowborder" valign="top" width="23.18%"><p id="EN-US_TOPIC_0125560431__p46189825">Signature</p>
</td>
<td class="cellrowborder" valign="top" width="56.830000000000005%"><p id="EN-US_TOPIC_0125560431__p50388336">Indicates the signature generated using the SK and parameter <strong id="EN-US_TOPIC_0125560431__b50841847">Expires</strong>.</p>
<p id="EN-US_TOPIC_0125560431__p54923440">Type: String</p>
</td>
<td class="cellrowborder" valign="top" width="19.99%"><p id="EN-US_TOPIC_0125560431__p19613673">Mandatory</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="EN-US_TOPIC_0125560431__p18607670">The query-string authentication differs from the authorization header authentication in the following aspects:</p>
<ul id="EN-US_TOPIC_0125560431__ul33251304"><li id="EN-US_TOPIC_0125560431__li42305330">The signature is both Base64 and URL encoded.</li><li id="EN-US_TOPIC_0125560431__li45203650"><strong id="EN-US_TOPIC_0125560431__b4179666">Expires</strong> in <strong id="EN-US_TOPIC_0125560431__b37616995">StringToSign</strong> corresponds to <strong id="EN-US_TOPIC_0125560431__b7244143513516">Date</strong> in authorization information.</li></ul>
<pre class="screen" id="EN-US_TOPIC_0125560431__screen38936817121337">StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Expire + "\n" + CanonicalizedOBSHeaders + CanonicalizedResource.
Signature = URL-Encode(Base64( HMAC-SHA1( UTF-8-Encoding-Of(YourSecretAccessKeyID, StringToSign ) ) )).</pre>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0125560435.html">Authenticating a Request</a></div>
</div>
</div>
View Git Blame Copy Permalink