in packages/aws-appsync-auth-link/src/signer/signer.ts [225:277]
var sign = function (request, access_info, service_info = null) {
request.headers = request.headers || {};
// datetime string and date string
var dt = new Date(),
dt_str = dt.toISOString().replace(/[:-]|\.\d{3}/g, ''),
d_str = dt_str.substr(0, 8),
algorithm = 'AWS4-HMAC-SHA256';
var url_info = url.parse(request.url)
request.headers['host'] = url_info.host;
request.headers['x-amz-date'] = dt_str;
if (access_info.session_token) {
request.headers['X-Amz-Security-Token'] = access_info.session_token;
}
// Task 1: Create a Canonical Request
var request_str = canonical_request(request);
// Task 2: Create a String to Sign
service_info = service_info || parse_service_info(request);
var scope = credential_scope(
d_str,
service_info.region,
service_info.service
);
var str_to_sign = string_to_sign(
algorithm,
request_str,
dt_str,
scope
);
// Task 3: Calculate the Signature
var signing_key = get_signing_key(
access_info.secret_key,
d_str,
service_info
),
signature = get_signature(signing_key, str_to_sign);
// Task 4: Adding the Signing information to the Request
var authorization_header = get_authorization_header(
algorithm,
access_info.access_key,
scope,
signed_headers(request.headers),
signature
);
request.headers['Authorization'] = authorization_header;
return request;
};