Update Request Header to Signature-256

alexa-js / alexa-verifier-middleware

An express middleware that verifies HTTP requests sent to an Alexa skill are sent from Amazon.

MIT License

31 stars 6 forks source link

Update Request Header to Signature-256 #47

Closed rmtuckerphx closed 9 months ago

rmtuckerphx commented 1 year ago

In March 2022, Amazon changed the header from Signature to Signature-256 See https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/commit/a1652383648e9e9da42b301aa033a4143f9cdf64

This matches the updated docs: https://developer.amazon.com/en-US/docs/alexa/custom-skills/host-a-custom-skill-as-a-web-service.html#check-request-signature

mreinstein commented 10 months ago

alexa-verifier@4.0.0 uses SHA-256 signature verification now, which should make implementing this pretty trivial (basically just bump the dep and change the request header that is read.)