No way to sign query params with @aws-sdk/signature-v4-multi-region or @smithy/signature-v4

[justin-masse]

Checkboxes for prior research

• I've gone through Developer Guide and API reference
• I've checked AWS Forums and StackOverflow.
• I've searched for previous similar issues and didn't find any solution.

Describe the bug

Currently it does not appear that there is any mechanism for signing a request that contains querystrings? When I have the IAM Authorizer enabled on an endpoint and sign my request to that endpoint it works fine with POST/GET but if I add ?foo=bar or any querystrings to the request you get a signature mismatch exception.

There does not appear to be ANYTHING in the package to support this, and there's an entire side package that people are using (aws4) to support this (he built hundreds of lines of code around this signQuery param) that converts the request to putting the signature pieces in the query instead of headers.

Am I missing something, or is this just flat out not supported by the sdk currently?

Regression Issue

• Select this option if this issue appears to be a regression.

SDK version number

@aws-sdk/signature-v4-multi-region @ latest

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

node 18 and 20

Reproduction Steps

Create the simple signing code and attempt to add a querystring to the path...

const sigV4 = new SignatureV4MultiRegion({
            credentials,
            region: 'us-east-1',
            service: 'execute-api',
            runtime: 'node', 
            sha256: Sha256,
      })

      const signingRequest: HttpRequest = {
            method: 'GET',
            headers,
            protocol: 'https',
            hostname,
            path: '/test/my-path?foo=bar',
            body,
      }
      const signingOptions: RequestSigningArguments = {}

      const { method, headers, body } = await sigV4.sign(signingRequest, signingOptions)
      return await fetch(url, { method, headers, body })

This will return a signature mismatch exception.

Observed Behavior

This works fine if you drop ?foo=bar off the path (i've also tried moving it into a query: Object.fromEntries(url.searchParams.entries()) || undefined option on the HttpRequest but doesn't appear to do anything either?

This works in boto3 very simply so I'm not sure what is happening in the JS SDK and why it isn't supported?

Expected Behavior

There should be some mechanism present for signing requests that contain query parameters. Similar to how aws4 uses the signQuery?: boolean param to do this.

Possible Solution

No response

Additional Information/Context

No response

[justin-masse]

I'm an idiot, I was appending both query and the querystrings on the path param when I had tested this out. Once I removed the querystrings from path on HTTPREQUEST and just had them in query it was fine.

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.