diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 288a8d2f4dd..49cfc4dab89 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -496,6 +496,30 @@ int RGWOp::verify_op_mask()
   return 0;
 }
 
+int RGWOp::do_aws4_auth_completion()
+{
+  int ret;
+
+  if (s->aws4_auth_needs_complete) {
+    /* complete */
+    ret = RGW_Auth_S3::authorize_aws4_auth_complete(store, s);
+    s->aws4_auth_needs_complete = false;
+    if (ret) {
+      return ret;
+    }
+    /* verify signature */
+    if (s->aws4_auth->signature != s->aws4_auth->new_signature) {
+      ret = -ERR_SIGNATURE_NO_MATCH;
+      ldout(s->cct, 20) << "delayed aws4 auth failed" << dendl;
+      return ret;
+    }
+    /* authorization ok */
+    dout(10) << "v4 auth ok" << dendl;
+  }
+
+  return 0;
+}
+
 int RGWOp::init_quota()
 {
   /* no quota enforcement for system requests */
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 254fbd4f5f7..f1989e3f140 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -84,6 +84,8 @@ protected:
   RGWQuotaInfo user_quota;
   int op_ret;
 
+  int do_aws4_auth_completion();
+
   virtual int init_quota();
 public:
 RGWOp() : s(NULL), dialect_handler(NULL), store(NULL), cors_exist(false),
diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h
index 8f1c4edf361..a60d9a7dbc2 100644
--- a/src/rgw/rgw_rest.h
+++ b/src/rgw/rgw_rest.h
@@ -189,7 +189,7 @@ public:
 
   virtual int verify_params();
   virtual int get_params();
-  int get_data(bufferlist& bl);
+  virtual int get_data(bufferlist& bl);
 };
 
 class RGWPostObj_ObjStore : public RGWPostObj
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 590f326aaf4..55ef699b371 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -812,6 +812,19 @@ int RGWPutObj_ObjStore_S3::get_params()
   return RGWPutObj_ObjStore::get_params();
 }
 
+int RGWPutObj_ObjStore_S3::get_data(bufferlist& bl)
+{
+  int ret = RGWPutObj_ObjStore::get_data(bl);
+  if (ret < 0)
+    s->aws4_auth_needs_complete = false;
+  if ((ret == 0) && s->aws4_auth_needs_complete) {
+    int ret_auth = do_aws4_auth_completion();
+    if (ret_auth)
+      return ret_auth;
+  }
+  return ret;
+}
+
 static int get_success_retcode(int code)
 {
   switch (code) {
diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h
index 606986afc8f..e7c500c7451 100644
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -140,6 +140,7 @@ public:
   ~RGWPutObj_ObjStore_S3() {}
 
   int get_params();
+  int get_data(bufferlist& bl);
   void send_response();
 };