View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007359 | module Amazon Pay | main | public | 2022-09-20 09:51 | 2023-02-01 11:36 |
| Reporter | osanger | Assigned To | |||
| Priority | urgent | Severity | block | Reproducibility | always |
| Status | resolved | Resolution | unable to reproduce | ||
| Product Version | 2.0.0 | ||||
| Fixed in Version | 2.0.1 | ||||
| Summary | 0007359: Amazon Pay Button not working | ||||
| Description | Merchants are reaching out to us since the button in version 2.0.0 is not working. The button triggers an AJAX request ending up in a 500 error (find gif attached). This issue is reproducible with our test shop in a blank oxid installation. We double checked that the merhcant is using the correct keys - the fact the button is rendering shows us that the account is valid and the right keys are in use. This is a major issue for us causing a loss of merchant trust and a bad customer experience. Can you please investigate? | ||||
| Steps To Reproduce | Option 1: Go to https://shop.kemmlit.de/ and hit the Button on the Product detail page (see gif attached) Option 2: Go to our oxid test shop https://amzn-module.oxid-esales.com/ (htaccess: amazon/oxid) | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
|
|
@osanger: Mostly it has something todo with die Private-Key. The Amazon-SDK, that we use for the module check the string of the ssh-key: \vendor\amzn\amazon-pay-api-sdk-php\Amazon\Pay\API\Client.php -> setupRSA() If it not found "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" in the string, than the client think, that the string is a path on the server. And try to read this path for getting the Private-Key. So the solution would be to set a complete private-key with all comments in the config-backend. |
|
|
We have to support both key headers With and without the RSA. If this is the root cause, please fix. |
|
|
@osanger: We couldnĀ“t fix it, because the behavoir is in your SDK. Please let your development fix it and let us know a new SDK version. |
|
|
It's available in the SDK now: https://github.com/amzn/amazon-pay-api-sdk-php/blob/6c579f070b4d9a05266cd728e3f5e7281628f538/Amazon/Pay/API/Client.php#L419 Please fix. |
|
|
Hello @osanger, Nothing has been fixed by Amazon yet. Once again: The SDK you maintain, which we cannot change, checks at this point (which you sent us as a link in the ticket: https://github.com/amzn/amazon-pay-api-sdk-php/blob/6c579f070b4d9a05266cd728e3f5e7281628f538/Amazon/Pay/API/Client.php#L419 ) ,.. whether the string contains the word "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY". If not, the SDK assumes it's a URL, even though it ended up being a key. The string "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" is part of a comment placed at the head of the key string. It is normally not necessary for the function of the key. However, the SDK uses this comment to identify a "formally" correct key. Amazon did not change the position in the SDK either. It still looks the same as we're using it right now. Now there are two solutions: 1) You fix the SDK 2) We will also reject keys that do NOT contain the comment string "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" in the future. As I said, this leads to confusion because the key is correct even without the comment. |
|
|
Dear Mario, I heard your concerns. The merchant tried with both keys containing "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY" it did not work either. Can you have a look again. Is it possible that the key is not stored within the database or it gets lost? I setup the testshop with a private key on Wednesday and it worked there, but on thursday it didn't work anymore. Did you change any settings here? However, I added a working key now and the integration is working again. Best, Oliver |
|
|
Hello @osanger, If I understand correctly, you are using our demo system for your tests. This is sufficient for quick tests. But if you want to be sure that nobody else changes your settings, then install your own test system. Then you can work better with it. Bu back to the merchant. I can't reproduce the wrongdoing. If I store my private key, it always stays there, even if I log out of my shop and then log back in and look at the settings. My key looks like this (! It's not real, it only looks like it!) and it works: -----BEGIN PRIVATE KEY----- MIIEogIBAAKCAQEAmucpxPAGWbDShBp6wmz09wcTqICSeSZZrGPfG0trzFvAC8Ct YleoeIy/wiufgYXEaEO+OmDmCths4x0+kSSdf8iDtdHy8ZbllLE8UMmZw9wT4p6T 5QoxkVZa3SbJH3e80Ck5PBoAQtcaWLT2Hry/iTFpfavhhBH5Qkt2Ukj2yaosz1Tt kLERlB2NnzeMycCElytV87B3+NheXULWqxSnLmk2i0hcoXliqyNmMONZe9ztBHtf yNzVRn7ZCtHY9SbSaXfnD0MNthPtCMU1WWfH7kOtfKEAfnT49ohjUVYvotgiIVrd KVtGwdx0Fb3m2A+EyjMdefXBpx8U7gaNLX1Q0QIDAQABAoIBACtNrjaY5x2Rufgm MuVBcmXQe6VidBAcMXto3AkUV4lkqNZgQdg5KyawKjdM3KVn0NVZAsftKMIlaKNB HKmUs9byJifhDmqNRZcAyRzIjwza7FAxBqVD6UF5A6PJYPZEEeubap2royEMYxgj Vp6XI3Bl+NiiAURbhfQLhoNQVHVhhZozuM353PRvVimJVqIgGbQGNC4YYTCsK3fG NWphYc0Q+pPuZN1x3osQQ9mFX9h7pVHVDZuAPqv2PpZHhJ4y73FELvc892UhHDri fc7II22YU11lgSnwrl2KaPml+CnUoTVzu3lqCOeTHIYo0tAZhztLes1iDSp6Rwqh cnUmCEECgYEA6oeHEWVmvUWs7t+f0toaaVNPAWyLoK2flJ03P+p9BOb7ZTe2rwAQ h23qdJXictMFIgkkL1ZW2rF0xegviBJVG1hZg+Q9asfG/bUir6FaY8xT5e/Akvbx bp/IHWXczZA+QGXY2zA1UM3i6NEajkmYz6kiZivuYUKi8HkMUSMIB4kCgYEAqRV/ JlsuOwLT53dC4TGiHNQMuty8IxU2BPuPmn0ltY44Lh9k5cMvpqVEskE1rAtuCKNc c3C5D9UQomhQ7KlP+wA+l4wNPi8WIKpiI433XeBZw/oiOBOGnDUQsdjD2RkIFih8 ABW3Tcdts1M1A+UbEVb2nPCJiqrjjLJztwJcZQkCgYB/h6Tdw8sDPwETf8yTxn+4 KFH8zz556A+vq3Hgsqy63rNzTcFsFdfnHNDyBpL1p2PSJzBjAUsHbpm2CFTYZEed MAS1IIZ5Kxs82KN853uUawZwMVgBUoDki8QwoDRaH4aKVBeA0Q0c3Gf3+8S5/LE4 spr+/gKJJsgdhWU6NZdnKQKBgFOCOnpHLl4W13HKhU2Tpe13DZJ80q7BGxz64cH7 bVRuGXEuMDcKX85+cZ9YdZmzS3UYueCKG9yl7sFHpDA+rzHYvRE8Ko4700Hu5OmK hFHpLGyObbgkbKdZzhUIajIfGs9Wz2d7Uj0n8hZPUi/KR8QYn1SDuGq0XA5xVJVe pSOBAoGAJnCk8jgxFzYxkGM3urgEot2jAHph6tfkppi3o6dkdcL5akqAq8cyNAeq wZQw6NsDkRUjcbbE5F8v9BPkltWXddT0hOPpSZG/SiWYYnO61nSKdt/PqDfIYCPC bgpYXLT/YUzVzqYfJDCZcGLxseX1Y042IX48U5IutOBvXJ3S6K4= -----END PRIVATE KEY----- |
