It's my first time playing with Oracle Cloud (or any cloud for that matter) and I'm doing a self-learning exercise where I've created an Angular application (not AngularJS) and I want to upload images in my Oracle Cloud Object Storage Bucket. I'm working on the assumption that what I'm trying to achieve is possible with only Angular (i.e: no mid-tier is required, like PHP, C#, Java, etc).
I'm at the point where I need to create the "authorization" header that is (to my understanding) used to authenticate the PUT request, and I'm unable to get this working. From what I understand reading the Request Signature documentation, it appears that I might not actually be able to do it purely in Angular and that some sort of mid-tier would be necessary, as the documentation shows only code examples for mid-tier technologies.
What I'd like to know is it even technically possible to call the Oracle Cloud Object Storage API with only a front-end framework like Angular? I've tried using CryptoJS and using something like HmacSHA256 to generate the signature, but every time the API call is executed, Oracle Cloud constantly recevie the following error:
error:
code: "NotAuthenticated"
message: "The required information to complete authentication was not provided."
Based on the [Request Signature documentation], the only headers I need are (request-target), host, and date, so those are the only ones I'm including.
If it is technically possible to achieve the authentication with only Angular (without using a mid-tier), I'd then be fairly confident that what I'm doing to create the signature is incorrect, and what I would be seeking at that point is some help in creating that signature to get authenticated. If it's not, I guess this is where my experiment ends.
Thank you all for your help in advance!
After approximately a month with no response, I've decided to provide an answer to my own question after doing my own investigative work.
No; it's not possible to authenticate oneself to Oracle Cloud using only the Angular framework without a mid-tier. Oracles own official documentation on the subject also points towards this conclusion.
The authentication process requires the use of assets that - to my knowledge - don't exist in a purely Angular form. One in particular that is needed is the OpenSSL cryptography extension that from my own investigative work indicates a mid-tier is required. These OpenSSL dependencies only exist on a mid-tier environment such as PHP, or .NET for example.
This of course makes perfect sense, as having Angular doing all the authentication would be pretty insecure as it would expose some very important information on the client side (browser) that could be used to perform malicious activities. Though as I said in the original post, this was more of an exercise to see if it was possible to get it working with only Angular and not if it was actually correct or secure to do so.