search

ThomasPe / Alexa.NET.Security

This is a library to authenticate requests sent to an Alexa .NET backend
MIT License
10 stars 6 forks source link

Verify request timestamp #1

Closed ThomasPe closed 5 years ago

ThomasPe commented 7 years ago

This verification step is currently missing:

Check the request timestamp to ensure that the request is not an old request being sent as part of a “replay” attack.

ThomasPe commented 6 years ago

which does not seem to matter since skills get certified regardless...

stoiveyp commented 6 years ago

For completeness I've submitted https://github.com/timheuer/alexa-skills-dotnet/pull/76 to handle the timestamp check required.

matteocontrini commented 5 years ago

This issue is actually fixed, right? Thanks!

EDIT: I just saw that the verification class is actually included in the "core" Alexa.NET project. Am I missing something? What's the purpose of this repository now? 🤔

ThomasPe commented 5 years ago

You're right, this package was created back when Alexa.NET had not yet merged this feature. I'll mark this repo as obsolete.