0002-00000202

Issue description

The format of the Authorization header in the request is invalid.

Causes

You initiated a request that uses the V4 signature, but the format of the Authorization header is invalid.

Examples

You initiated a request that uses the V4 signature, but the format of the Authorization header is invalid.

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

The Authorization header separates the signature version and signature information with a space.

• Signature version: Only OSS4-HMAC-SHA256 is supported.

• Signature information: The signature information is displayed in the form of key-value pairs. Separate key-value pairs with commas (,), and connect keys and values with equal signs (=).

  The key of the signature information includes two required fields (Credential and Signature) and one optional field (AdditionalHeaders). The signature information of the Authorization header must include two or three key-value pairs. However, only one key-value pair is included in the preceding example.

Solutions

Make sure that the format of the Authorization header in the request that uses the V4 signature meets the preceding requirements. Example:

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=host,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

References

• For information about how to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.

• Calculate the signature:

  • For information about how to calculate the V4 signature, see Calculate V4 signature by using OSS SDK for Python.

  • For information about how to specify the signature logic based on the V1 signature, see Overview.

  If the server returns a response that contains the StringToSign parameter, you must check whether the value of the StringToSign parameter on the server is the same as the string before calculation.