-
Notifications
You must be signed in to change notification settings - Fork 782
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
event webhook - please provide example for usage in express #1142
Comments
Payload in the sample is an array? Maybe try just passing in the contained object itself. |
Thanks for the hint, but it does not work. Your docs also state that the entire payload has to be used. |
Thanks for reaching out, I've been able to reproduce this issue using my own account. I've reached out to the owning team for further help and will circle back with an update when I hear more. |
Hi @steinroe var express = require('express');
var bodyParser = require('body-parser');
var app = express();
var EventWebhook = require('@sendgrid/eventwebhook');
app.use(bodyParser.text({ type: 'application/json' }));
var isValidSignature = function(req, res, next) {
let eventWebhook = new EventWebhook();
const signature = req.get('X-Twilio-Email-Event-Webhook-Signature');
const timestamp = req.get('X-Twilio-Email-Event-Webhook-Timestamp');
const ecPublicKey = eventWebhook.convertPublicKeyToECDSA('<your_public_key>');
if (eventWebhook.verifySignature(ecPublicKey, req.body, signature, timestamp)) {
next();
} else {
res.status(400).end();
}
};
app.use(isValidSignature);
app.post('/', function (req, res) {
// do something with the request
res.status(200).end();
});
app.listen(3000); The key here was using Hope this helps! |
Edit 3 (Final update..). Got live requests working 🎉 import * as functions from "firebase-functions";
import * as express from "express";
//NOTE: We are not using body-parser middleware here.
app.post("/sendgrid/webhook", async (req, resp) => {
try {
const signature = req.header("x-twilio-email-event-webhook-signature")!;
const timestamp = req.header("X-Twilio-Email-Event-Webhook-Timestamp")!;
//getConfig is mostly a wrapper to functions.config() to get cloud function configuration json
const key = getConfig().sendgrid.webhook_verification_key
//Because this is a cloud function environment, we can access the original request body (not the parsed payload) on req.rawBody.
//We need to cast to functions.https.Request because `rawBody` is not available on the normal express.Request object.
//the rawBody is of type {Buffer}, so we need to call .toString to convert it into the correct format. Default encoding is `utf8`
const bodyPayload = (req as functions.https.Request).rawBody.toString();
//See note below in "edit 2" on how SecurityService is used, and what the body of the verifySendgrid function looks like.
const verified = await SecurityService.shared.verifySendgrid(bodyPayload, timestamp, signature, key)
logger.info("Sendgrid key verified", verified);
if (!verified) {
resp.sendStatus(403);
return
}
resp.send(204);
} catch (error) {
logger.error("Failed to process webhook", error);
resp.status(500).send(error);
return;
}
}) Edit 2: Ok, some progress. I have a unit test that I can use string values to check signature validation. I pull these values off of the incoming request logs. I'm able to get my tests to pass signature validation in some cases- but as @eshanholtz alludes to, it depends on the format of the request body (not a big surprise there). However, getting the incoming request to format/encode correctly has been a challenge. A couple notes: I'm using express with Firebase Cloud Functions. It looks like @steinroe is also using Cloud Functions based on the use of Examples of data that does and does not work are below. I'm using the Sendgrid Test event in all cases, triggering it in the Sendgrid UI to my local computer using ngrok. My validation code lives in a class I'm calling //SecurityService.ts
const EventWebhook = require('@sendgrid/eventwebhook');
...
verifySendgrid(body: string | Buffer |any, timestamp: string, signature: string, validationKey: string): boolean {
const webhook = new EventWebhook();
const publicKey = webhook.convertPublicKeyToECDSA(validationKey);
const verified = webhook.verifySignature(publicKey, body, signature, timestamp);
logger.info("Webhook verified", verified)
return verified;
} Here are some various data payloads and the result from the validation, as triggered from my unit test //DOES NOT WORK
const Data = {
signature: "MEUCIEJV9mjasgYQMJLoZTPgHww0laxlXwR8AjAiezlLp3vNAiEAz8Mo5AKH33lnJBt5wcn12gfK2X3hLhfOOV2BkhwHqdg=",
publicKey: publicKey,
timeStamp: "1592435350",
rawBody: "[{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"processed\",\"category\":[\"cat facts\"],\"sg_event_id\":\"G4Kr_WXkNOj7fRyXeUtUGA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"deferred\",\"category\":[\"cat facts\"],\"sg_event_id\":\"nKg8u1NDYXJRXmzaxH1liQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"response\":\"400 try again later\",\"attempt\":\"5\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"delivered\",\"category\":[\"cat facts\"],\"sg_event_id\":\"VSLUsDbr8h4a2Y6KpduYRg==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"response\":\"250 OK\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"open\",\"category\":[\"cat facts\"],\"sg_event_id\":\"Xd2JG8frysTHncXYShy48w==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"click\",\"category\":[\"cat facts\"],\"sg_event_id\":\"hg0SHdJRspW-ZaVI3CyikQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"bounce\",\"category\":[\"cat facts\"],\"sg_event_id\":\"SDgDiMR1k-dm-_rmNkc89A==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"reason\":\"500 unknown recipient\",\"status\":\"5.0.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"dropped\",\"category\":[\"cat facts\"],\"sg_event_id\":\"HnwNZ7xy69KtIjxH4GqL7Q==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"reason\":\"Bounced Address\",\"status\":\"5.0.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"spamreport\",\"category\":[\"cat facts\"],\"sg_event_id\":\"zxvrZ1mzabKL8JgBYaX-hQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"unsubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"UGqgITtUIgHTQSMYiiP6HQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"group_unsubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"79-zmpw4DHgYVD8_IKLlIw==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\",\"asm_group_id\":10},{\"email\":\"example@test.com\",\"timestamp\":1592435149,\"smtp-id\":\"\u003c14c5d75ce93.dfd.64b469@ismtpd-555\u003e\",\"event\":\"group_resubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"ZBpbMNafmDtIGLewzg630g==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\",\"asm_group_id\":10}]\n",
}
//WORKS
const Data2 = {
signature: "MEUCIAIe0rjIvbAUh8OjNJEyVMJI6U7Em2g7+aZZceFfJUFYAiEAnVYYeMe/KYD1Hm6hxjhBfuB6+vNCkYJ2S8oGMITJqRs=",
publicKey: publicKey,
timeStamp: "1592593735",
body: "[{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"processed\",\"category\":[\"cat facts\"],\"sg_event_id\":\"x20UK2XxckmKJ9OXtRq4ug==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"deferred\",\"category\":[\"cat facts\"],\"sg_event_id\":\"LfQ2UcRW7kj5115Ef449hw==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"response\":\"400 try again later\",\"attempt\":\"5\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"delivered\",\"category\":[\"cat facts\"],\"sg_event_id\":\"Ztr5mr9vQDVJPKBUWutsOw==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"response\":\"250 OK\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"open\",\"category\":[\"cat facts\"],\"sg_event_id\":\"SAN0NDMBhqIh2zpXy-Pj4Q==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"click\",\"category\":[\"cat facts\"],\"sg_event_id\":\"HoNq3smS4vKo9UvEu0Cf-g==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"bounce\",\"category\":[\"cat facts\"],\"sg_event_id\":\"sWfKKQDCqQg1uc7PlAbHlg==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"reason\":\"500 unknown recipient\",\"status\":\"5.0.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"dropped\",\"category\":[\"cat facts\"],\"sg_event_id\":\"W2vsdQPLmZnfgNo1Ct9MzA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"reason\":\"Bounced Address\",\"status\":\"5.0.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"spamreport\",\"category\":[\"cat facts\"],\"sg_event_id\":\"Ej-yXMhNr7UvYyhmQd3JQA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"unsubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"ajvu0Zv5k6uRWsgmlW7xuQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"group_unsubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"-b4I2y2bDYe-ysFl9XdY7g==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\",\"asm_group_id\":10},{\"email\":\"example@test.com\",\"timestamp\":1592591453,\"smtp-id\":\"\\u003c14c5d75ce93.dfd.64b469@ismtpd-555\\u003e\",\"event\":\"group_resubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"ZL8SxBrsmF45Uo6mgLBj9A==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\",\"asm_group_id\":10}]\n"
}
//DOES NOT WORK
const Data3 = {
signature: "MEUCIHY4UYzuKHLEORbT7HOEvE7mN7pJ+wDickl/P9Duuhr3AiEAin7zXWziirPsC50gy/mS5ppLLyWD5Pvd7Zw7d+K0JEo=",
publicKey: publicKey,
timeStamp: "1592594548",
body: "[{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"processed\",\"category\":[\"cat facts\"],\"sg_event_id\":\"_GWGyz7BmenNrCvqOzY8xw==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"deferred\",\"category\":[\"cat facts\"],\"sg_event_id\":\"oLjoX_iAZZ4e1VYajkEVnw==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"response\":\"400 try again later\",\"attempt\":\"5\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"delivered\",\"category\":[\"cat facts\"],\"sg_event_id\":\"QSqMEMMMCHKo49KQNirhlA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"response\":\"250 OK\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"open\",\"category\":[\"cat facts\"],\"sg_event_id\":\"MSQIA6RaVjmREBCbQCM4sA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"click\",\"category\":[\"cat facts\"],\"sg_event_id\":\"2-uBjQoOWl587NXVco4EoA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"bounce\",\"category\":[\"cat facts\"],\"sg_event_id\":\"8SY-_eku8e2q_0RNAo74-Q==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"reason\":\"500 unknown recipient\",\"status\":\"5.0.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"dropped\",\"category\":[\"cat facts\"],\"sg_event_id\":\"T88HJGZDMRmGlOyrPmAQiA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"reason\":\"Bounced Address\",\"status\":\"5.0.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"spamreport\",\"category\":[\"cat facts\"],\"sg_event_id\":\"CU0CGQs46sefZKgR22pMkw==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"unsubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"qjGdug6jC4QQOMyjFaTChQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\"},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"group_unsubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"iZ5CFG6-mCeTCmn_aj9yRQ==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\",\"asm_group_id\":10},{\"email\":\"example@test.com\",\"timestamp\":1592593964,\"smtp-id\":\"<14c5d75ce93.dfd.64b469@ismtpd-555>\",\"event\":\"group_resubscribe\",\"category\":[\"cat facts\"],\"sg_event_id\":\"nqwBVclSeqfbxoEqsyfUfA==\",\"sg_message_id\":\"14c5d75ce93.dfd.64b469.filter0001.16648.5515E0B88.0\",\"useragent\":\"Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\",\"ip\":\"255.255.255.255\",\"url\":\"http://www.sendgrid.com/\",\"asm_group_id\":10}]"
} Edit: actually, my signatures are not verifying. I just was no longer getting an error. I see that the public key is parsing correctly. Digging deeper, it looks like all of the set up values are at least valid-looking (the StarkBank SDK is able to parse public key, signature with values for X,Y,and R,C), but the signature verification comes back as false. I've tried using the bodyParser as suggested, and that doesn't seem to do the trick for me, either. === original post === However, I spent the last 2 days trying to get this event signing to work, and tried a number of libraries for validating these signatures, and none of them worked. I am on node 10, so the example linked in the documentation that references the Node Crypto library wouldn't work for me (as it was only available on node 14). I tried all of the popular elliptic crypto libraries on NPM, and none of them worked for lots of reasons- unable to parse the signature, unable to parse the public key, etc. I tried all of the different curve options provided by the None of my googling surfaced the Starkbank library. Even if i found it, i likely wouldn't have trusted it as only been downloaded ~100 times. I wrote to support, and they attempted to escalate the request - still haven't heard back. It wasn't until a friend dug out the pull request from @eshanholtz for the The good news is that using the package, is as able to verify signatures on the first try. Please, please, please update your documentation/readme to at least mention all of the various SDKs that are available in this monorepo. That small hint would have saved me 2 days of frustration. |
…endgrid-nodejs#1142 for more information
First of all, sorry for my late response and thanks for the help @eshanholtz! Unfortunately, I can agree with @neilpoulin. Whatever I tried, including your source code, did not work and I always got false back. However, thanks to the code from @neilpoulin, it finally worked. I guess what was missing in your code @eshanholtz was the toString(). |
I just ran into this signature verification issue when implementing a new webhook.
I have to agree with this. After reading the webhook docs online, I resorted to using |
Thank you all for your feedback! I have opened PR #1153 to update the interface for the signature verification function to accept both |
Changes will be included in the next release scheduled for tomorrow, 2020-06-24 |
Issue Summary
I am struggling with the EventWebhook signing procedure a while now and can't get it to work. Tried multiple options, including using the raw req body for the timestamp. The verification always fails..
Edit: I am using the verifySignature function from the eventwebhook package here.
Edit 2: Added sample data that was gathered by logging the respective constants.
Steps to Reproduce
Code Snippet
Exception/Log
Unauthorized Request
The text was updated successfully, but these errors were encountered: