Closed kamalmostafa closed 1 year ago
Hello! Thanks for the issue. If this is a general help question, for a faster response consider joining the official Discord Server
Else if you have an issue with the library please wait for someone to help you here.
Use the twitch-cli test tool ( https://github.com/twitchdev/twitch-cli ) to generate and send dummy eventsub messages to the TwitchIO eventsub client... but specify a bogus webhook_secret instead of the correct secret, e.g.:
$ twitch -F "$CALLBACK_URL" -s "bogussecret" event trigger follow
TwitchIO recognizes the mismatch and logs in BaseEvent.verify():
Recieved a message with an invalid signature, discarding.
but the client then proceeds to run_event() the notification event anyway!TwitchIO eventsub should (actually) reject messages which don't pass webhook_secret verification.