Skip to content

Signature Notes and Highlights

WebbinRoot edited this page Mar 9, 2026 · 1 revision

Signature Notes and Highlights

Primary reference (authoritative signing basis):

The notes below call out notable OCISigner behaviors and implementation highlights relative to that signing model.

Table of Contents

Timestamp Behavior

  • If both date and x-date are present, x-date is used in the signing string.
  • With Update timestamp enabled, OCISigner refreshes date / x-date before signing.

Standard Body-Header Signing

For standard OCI signing behavior, PUT/POST requests include body headers in the signature set:

  • x-content-sha256
  • content-type
  • content-length

This includes empty-body PUT/POST requests where required headers are still part of signing behavior.

Object Storage PUT Exceptions

For these two Object Storage PUT APIs only, there is a smaller number of required signed headers that include request-target + host + date/x-date:

  • PutObject: /n/{namespace}/b/{bucket}/o/{object}
  • UploadPart: /n/{namespace}/b/{bucket}/u/{uploadId}/id/{partNumber}

Additional headers normally required for PUT/POST requests are signed as present. For example:

  • If x-content-sha256 is present, it is signed.
  • If content-length is present, it is signed.
  • If both are present, both are signed.

Signing Mode Notes

  • Standard (OCI SDK) follows SDK/provider behavior for the selected auth mode.
  • Manual (custom) uses OCISigner manual-signing logic and allows custom signing behavior control.

Validation Behavior

  • Test Credentials validates provider material and signing readiness.
  • Most auth methods may probe namespace endpoint behavior where applicable.
  • Instance Principal has a different validation path focused on federation token flow.