Open jdart opened 3 years ago
Hi Thanks for the issue, We need to use stripcslashes($payload) to unescape sequences in payload but it will not cause any issue in terms of creating signature. Let us know about complete error/issues faced from your side
So this works for me, note I have to escape the payload before turning it into a js string
<?php
require '../vendor/autoload.php';
use Amazon\Pay\API\Client;
$publicKeyId = '...';
$payload = json_encode([
'storeId' => '...',
'webCheckoutDetails' => [
'checkoutReviewReturnUrl' => 'https://.../review',
],
]);
$client = new Client([
'private_key' => file_get_contents('...pem'),
'public_key_id' => $publicKeyId,
'region' => 'US',
]);
$signature = $client->generateButtonSignature($payload);
?>
<html>
<body>
<div id="AmazonPayButton"></div>
<script src="https://static-na.payments-amazon.com/checkout.js"></script>
<script type="text/javascript" charset="utf-8">
amazon.Pay.renderButton('#AmazonPayButton', {
// set checkout environment
merchantId: '...',
publicKeyId: <?php echo json_encode($publicKeyId) ?>,
ledgerCurrency: 'USD',
checkoutLanguage: 'en_US',
placement: 'Cart',
buttonColor: 'Gold',
createCheckoutSessionConfig: {
payloadJSON: <?php echo json_encode(stripcslashes($payload)) ?>, // <--- the interesting bit
signature: <?php echo json_encode($signature) ?>,
}
});
</script>
</body>
</html>
But this doesn't
<?php
require '../vendor/autoload.php';
use Amazon\Pay\API\Client;
$publicKeyId = '...';
$payload = json_encode([
'storeId' => '...',
'webCheckoutDetails' => [
'checkoutReviewReturnUrl' => 'https://.../review',
],
]);
$client = new Client([
'private_key' => file_get_contents('...pem'),
'public_key_id' => $publicKeyId,
'region' => 'US',
]);
$signature = $client->generateButtonSignature($payload);
?>
<html>
<body>
<div id="AmazonPayButton"></div>
<script src="https://static-na.payments-amazon.com/checkout.js"></script>
<script type="text/javascript" charset="utf-8">
amazon.Pay.renderButton('#AmazonPayButton', {
// set checkout environment
merchantId: '...',
publicKeyId: <?php echo json_encode($publicKeyId) ?>,
ledgerCurrency: 'USD',
checkoutLanguage: 'en_US',
placement: 'Cart',
buttonColor: 'Gold',
createCheckoutSessionConfig: {
payloadJSON: <?php echo json_encode($payload) ?>, // <--- no strip cslashes
signature: <?php echo json_encode($signature) ?>,
}
});
</script>
</body>
</html>
I tried using this library today and was getting errors like below when clicking the checkout button in the browser:
Error Code: InvalidSignatureError
I was following the documentation here. After struggling with this issue I tried removing the call to stripcslashes on the line below.
https://github.com/amzn/amazon-pay-api-sdk-php/blob/master/Amazon/Pay/API/Client.php#L404
Without stripcslashes it looked like
$hashedButtonRequest = self::AMAZON_SIGNATURE_ALGORITHM . "\n" . $this->hexAndHash($payload);
. With that change suddenly my checkouts were working. I also found that mangling the value passed topayloadJSON
with stripcslashes got things working as an alternative to editing the library.Anyway, the stripcslashes seems to be causing issues.