SQS Client: Authentication failing - "The security token included in the request is invalid" #6715
Description
Checkboxes for prior research
- I've gone through Developer Guide and API reference
- I've checked AWS Forums and StackOverflow.
- I've searched for previous similar issues and didn't find any solution.
Describe the bug
When attempting to authenticate with SQS via the JS client, an error occurs indicating that the auth token is invalid.
The client doesn't work with other SigV4 verifiers either - I discovered this when attempting to use this with my own SQS-compatible API service, and then tested it with the real SQS to ensure the issue wasn't with my implementation.
When attempting to authenticate with my SigV4 backend, the signature appears to be incorrect when verifying - I can use Python and other SQS clients with my backend with no issues as they seem to generate the correct signatures.
Regression Issue
- Select this option if this issue appears to be a regression.
SDK version number
@aws-sdk/[email protected]
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
node v22.10.0
Reproduction Steps
Assumes the existence of a queue called test in us-west-1
const sqs = new SQSClient({
region: "us-west-1",
credentials: {
accessKeyId: "...",
secretAccessKey: "...",
},
});
const res = await sqs.send(
new GetQueueUrlCommand({
QueueName: "test",
}),
);
const url = res.QueueUrl;
console.log(`Queue URL: ${url}`);Observed Behavior
/Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@smithy/smithy-client/dist-cjs/index.js:836
const response = new exceptionCtor({
^
InvalidClientTokenId: The security token included in the request is invalid.
at throwDefaultError (/Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@smithy/smithy-client/dist-cjs/inde
x.js:836:20)
at /Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@smithy/smithy-client/dist-cjs/index.js:845:5
at de_CommandError (/Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@aws-sdk/client-sqs/dist-cjs/index.js
:1276:14)
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
at async /Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
at async /Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@smithy/core/dist-cjs/index.js:168:18
at async /Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:3
8
at async file:///Users/willothy/work/fortress/nervemq/examples/node.js/dist/index.js:21:24
at async /Users/willothy/work/fortress/nervemq/examples/node.js/node_modules/@aws-sdk/middlew
at async main (file:///Users/willothy/work/fortress/nervemq/examples/node.js/dist/index.js:29:17) {
'$fault': 'client',
'$metadata': {
httpStatusCode: 403,
requestId: '024a9a6a-9ff2-5a22-883d-c5a62c6de2b5',
extendedRequestId: undefined,
cfId: undefined,
attempts: 1,
totalRetryDelay: 0
},
__type: 'com.amazon.coral.service#UnrecognizedClientException',
Code: 'InvalidClientTokenId',
Type: 'Sender'
}
Expected Behavior
Authentication should work and I should be able to use the SQS API from Nodejs.
Possible Solution
No response
Additional Information/Context
No response