View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007359||module Amazon Pay||main||public||2022-09-20 09:51||2023-02-01 11:36|
|Status||resolved||Resolution||unable to reproduce|
|Target Version||Fixed in Version||2.0.1|
|Summary||0007359: Amazon Pay Button not working|
|Description||Merchants are reaching out to us since the button in version 2.0.0 is not working. The button triggers an AJAX request ending up in a 500 error (find gif attached).|
This issue is reproducible with our test shop in a blank oxid installation.
We double checked that the merchant is using the correct keys - the fact the button is rendering shows us that the account is valid and the right keys are in use.
This is a major issue for us causing a loss of merchant trust and a bad customer experience. Can you please investigate?
|Steps To Reproduce||Option 1:|
Go to https://shop.kemmlit.de/ and hit the Button on the Product detail page (see gif attached)
Go to our oxid test shop https://amzn-module.oxid-esales.com/ (htaccess: amazon/oxid)
|Tags||No tags attached.|
issue-oxid-1.gif (1,641,695 bytes)
@osanger: Mostly it has something to do with the Private-Key. The Amazon-SDK that we use for the module checks the string of the ssh-key:
\vendor\amzn\amazon-pay-api-sdk-php\Amazon\Pay\API\Client.php -> setupRSA()
If it does not find "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" in the string, then the client thinks that the string is a path on the server and tries to read this path to get the Private-Key.
So the solution would be to set a complete private-key with all comments in the config-backend.
We have to support both key headers, with and without the RSA. If this is the root cause, please fix.
@osanger: We couldn't fix it, because the behavior is in your SDK. Please let your development fix it and let us know a new SDK version.
It's available in the SDK now: https://github.com/amzn/amazon-pay-api-sdk-php/blob/6c579f070b4d9a05266cd728e3f5e7281628f538/Amazon/Pay/API/Client.php#L419
Nothing has been fixed by Amazon yet. Once again:
The SDK you maintain, which we cannot change, checks at this point (which you sent us as a link in the ticket) whether the string contains the word "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY".
If not, the SDK assumes it's a URL, even though it ended up being a key.
The string "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" is part of a comment placed at the head of the key string. It is normally not necessary for the function of the key. However, the SDK uses this comment to identify a "formally" correct key.
Amazon did not change the position in the SDK either. It still looks the same as we're using it right now.
Now there are two solutions:
1) You fix the SDK
2) We will also reject keys that do NOT contain the comment string "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" in the future.
As I said, this leads to confusion because the key is correct even without the comment.
I heard your concerns. The merchant tried with both keys containing "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY"; it did not work either.
Can you have a look again? Is it possible that the key is not stored within the database or it gets lost?
I set up the testshop with a private key on Wednesday and it worked there, but on Thursday it didn't work anymore. Did you change any settings here?
However, I added a working key now and the integration is working again.
If I understand correctly, you are using our demo system for your tests. This is sufficient for quick tests. But if you want to be sure that nobody else changes your settings, then install your own test system. Then you can work better with it.
But back to the merchant. I can't reproduce the wrongdoing. If I store my private key, it always stays there, even if I log out of my shop and then log back in and look at the settings.
My key looks like this (! It's not real, it only looks like it!) and it works:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
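
The header check described in this thread, turned into a pre-flight validation of the configured key value so that a bad setting produces a clear status instead of a 500 at checkout. This is an added example, not code from the OXID module or the Amazon SDK; the function name and status strings are hypothetical, and it assumes PHP's openssl extension is available.

```php
<?php
// Added example: pre-flight check for the private key value stored in the
// module settings. Function and status names are hypothetical.

/**
 * Classify a configured private key value along the lines of the decision the
 * thread attributes to the SDK's setupRSA(): key text if a known header is
 * present, otherwise a file path on the server.
 */
function classifyPrivateKeySetting(string $value): string
{
    $value = trim($value);
    if ($value === '') {
        return 'empty';
    }
    $headers = ['BEGIN RSA PRIVATE KEY', 'BEGIN PRIVATE KEY'];
    foreach ($headers as $header) {
        if (strpos($value, $header) !== false) {
            // Header present: the value is used as key material, so make sure it parses.
            $key = openssl_pkey_get_private($value);
            return $key === false ? 'pem_unparsable' : 'pem_ok';
        }
    }
    // No header: per the thread, the value is then read as a path on the server.
    if (is_file($value) && is_readable($value)) {
        $key = openssl_pkey_get_private((string) file_get_contents($value));
        return $key === false ? 'file_unparsable' : 'file_ok';
    }
    return 'no_header_and_not_a_file';
}

// Constructed sample inputs; the key is generated on the fly, not a real credential.
$generated = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($generated, $pem);
// Same key with the BEGIN/END lines and whitespace stripped (base64 body only).
$bodyOnly = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem);

$samples = ['full PEM' => $pem, 'body only' => $bodyOnly, 'blank' => '  '];
foreach ($samples as $label => $value) {
    // Report only the classification; never echo or log the key value itself.
    printf("%-10s => %s\n", $label, classifyPrivateKeySetting($value));
}
```

Running such a check when the setting is saved lets the shop backend reject a value that has no header and is not a readable file before any payment request is made.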