Issue with Pre-Signed URL - Always Receiving 403

1

Hello Community, I am currently working on a project where I am using a pre-signed URL to connect to an MQTT server. However, I am consistently receiving a 403 error when attempting to establish the connection. Interestingly, when I use the same pre-signed URL with the AWS IoT library, the connection is successful and everything works as expected. This leads me to believe that the issue is not with the URL itself, but perhaps with how I am using it in my project. Here is the code snippet where I am using the pre-signed URL:

private const val completeUrl = "wss://XXXX-ats.iot.us-east-1.amazonaws.com:443/mqtt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAWMVZ7DAMWRZXXXXFus-east-1%2Fiotdevicegateway%2Faws4_request&X-Amz-Date=20240725T171507Z&X-Amz-SignedHeaders=host&X-Amz-Signature=SIGNATURE&X-Amz-Security-Token=TOKEN"

fun connect(completeUrl: String) {
    val uri = URI(completeUrl)

    val client = MqttClient.builder()
        .identifier("eb368f23-5278-4bdf-9fda-2cdb023be1ca")
        .serverHost(uri.host)
        .serverPort(uri.port)
        .sslWithDefaultConfig()
        .webSocketConfig(
            MqttWebSocketConfig.builder()
                .serverPath(uri.path)
                .queryString(uri.query)
                .subprotocol("mqtt")
                .build()
        ).useMqttVersion5()
        .buildAsync()

    client.connectWith()
        .send()
        .whenComplete { _, throwable ->
            if (throwable != null) {
                throwable.printStackTrace()
            } else {
                println("Connected")
            }
        }
}

This is the error that I got it:

com.hivemq.client.mqtt.exceptions.ConnectionFailedException: io.netty.handler.codec.http.websocketx.WebSocketClientHandshakeException: Invalid handshake response getStatus: 403 Forbidden
Caused by: io.netty.handler.codec.http.websocketx.WebSocketClientHandshakeException: Invalid handshake response getStatus: 403 Forbidden
	at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:312)
	at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker.finishHandshake(WebSocketClientHandshaker.java:364)
	at com.hivemq.client.internal.mqtt.handler.websocket.MqttWebsocketHandshakeHandler.finishHandshake(MqttWebsocketHandshakeHandler.java:103)
	at com.hivemq.client.internal.mqtt.handler.websocket.MqttWebsocketHandshakeHandler.channelRead(MqttWebsocketHandshakeHandler.java:94)
2

Hi @ezequielmessore

Welcome aboard to the HiveMQ Community! It’s fantastic that you’re interested in MQTT and the HiveMQ broker. We’re thrilled to have you as part of our community.

Thank you for reaching out about this issue. I understand you’re encountering a 403 error when trying to connect to an MQTT server using a pre-signed URL. Let’s explore a few potential solutions:

  • Testing with Other MQTT Clients: Have you tried connecting using this URL with other MQTT clients, such as MQTT Explorer? This could help determine if the issue is specific to your Java implementation or if it’s a more general problem with the URL.
  • If MQTT Explorer or other clients also can’t connect using this URL, it’s possible that the URL itself might be invalid or expired. Pre-signed URLs often have a limited lifespan.
  • Could you please check if the URL is properly encoded? Sometimes, special characters in URLs can cause issues if not properly encoded.
  • If you find that the URL is encoded, you might need to decode it before using it in your Java code. You can use the java.net.URLDecoder class for this: URLDecoder.decode(encodedUrl, StandardCharsets.UTF_8);

I hope these suggestions help you resolve the issue.

Best,
Dasha from the HiveMQ Team