IncompleteSignatureException in every call I do to endpoint


Example API call is above. Where it returns 8M-L2M9-QV90 SKU in a marketplaceID, you can try it by yourself changing the sku and ID. I am using OAuth 2 library in GoLang, and I am creating the header tokens like this:

`AccessToken: tokens.AccessToken, RefreshToken: tokens.RefreshToken, TokenType: "Bearer", Expiry: expiration`

So I supply AccessToken,RefreshToken,TokenType along with the API call, Expiry is just something that package uses.
Then I setup client and GET request.

tokensource := oauth2.StaticTokenSource(&tokensource_raw)
	oauthclient := oauth2.NewClient(oauth2.NoContext, tokensource)
	resp, err := oauthclient.Get(url)

Where tokensource_raw is the second string I mentioned above, that contains all tokens. TokenSource is created, and given to the http client. URL is the first string I gave as an example. So everything is settled down, assuring tokens are correct too.

When I do the call output is like this;
&{403 Forbidden 403 HTTP/2.0 2 0 map[Content-Length:[875] Content-Type:[application/json] Date:[Tue, 12 Jul 2022 13:12:46 GMT] X-Amz-Apigw-Id:[VJ70SE_loAMF59w=] X-Amzn-Errortype:[IncompleteSignatureException] X-Amzn-Requestid:[e601820e-f5b3-42d8-8bc5-ce558c1913b2]] {0xc000184480} 875 [] false false map[] 0xc0000d8100 0xc000158420}

It shoots Error 403, where RefreshToken and AccessToken is valid (Tested on PostMan seperately) with IncompleteSignatureException where I couldnt find any results on the internet.

I swear, this is the most rocket science authentication system I ever seen and need help.

Edit: Reason I am so sure tokens are right is:

form.Add(“grant_type”, “refresh_token”)
form.Add(“refresh_token”, refresh_tok)
form.Add(“client_id”, clientid)
form.Add(“client_secret”, clientsecret)

This is post form that I am using, and I am getting access token right from with the post form above.


Another comment as a bump because cant even edit the main thread,

req.Header.Add("User-Agent", "three-legged-workhorse/1.0 (Language=Go); Platform=Windows/10")

Added User-Agent too to the headers as it is described, now I supply User-Agent, refresh token, authentication token but I still get IncompleteSignatureException. Even the error codes wasnt needed to be some sort of rocket science.


I’ve tested this and it works just fine. You may have an issue with your code. I would suggest you first try and make these calls via postman first to ensure you have to correct credentials. Then you will be able to better troubleshoot the issue.