mreinstein / alexa-verifier

✓ Verify HTTP requests sent to an Alexa skill are sent from Amazon
MIT License

Any way to get more details on failure? #16

Closed cfjedimaster closed 7 years ago

cfjedimaster commented 7 years ago

I'm trying to get this working in OpenWhisk, using Node 6, and I'm getting:

certificate verification failed

I'm pretty sure the issue is the OpenWhisk platform and not your code, but is there any way to get more details about what went wrong so I can dig deeper?

mreinstein commented 7 years ago

https://github.com/mreinstein/alexa-verifier/blob/master/index.js#L101

I would log the values that you pass into the verifier function. What values are being passed for cert_url, signature, requestRawBody?

mreinstein commented 7 years ago

If you're using expressjs, you might find this middleware is easier to use:

https://github.com/alexa-js/alexa-verifier-middleware

(internally it's using my module for the same logic but provides a nice pre-packaged express middleware)

cfjedimaster commented 7 years ago

Not Express, a serverless framework (OpenWhisk). I'm afk for a while, but will get back to you (although it may be Monday). Thank you!

mreinstein commented 7 years ago

Ah ok. I'm fairly certain the problem has to do with not passing in at least one of those parameters. Good luck! Will be here if you have more questions.

cfjedimaster commented 7 years ago

So - the values do exist, nothing is undefined. If I had to guess, I'd say my problem is with the raw request body. In OpenWhisk, I do not have access to it directly as a string, but rather a JS object that was JSON.parsed from it (to save the developer the trouble of doing that themselves). So in my code, I take that and create a new string, minus a few things OW adds to the request.

If I were to share my requestBody string, would you be able to take a look at it or is that not helpful?

cfjedimaster commented 7 years ago

Ok, if my new version of the request body does not match the exact same string sent in - could that be the issue? For ex, imagine Amazon sent:

{"name":"ray", "age":8}

And when I make my new string I end up with

{"age":8, "name":"ray"}

which is the same data, but an exact string match would fail. Could that be it?

mreinstein commented 7 years ago

> but an exact string match would fail. Could that be it?

Yep, that's the problem. This module signs the raw body with Amazon's pem, and compares the result against the header signature. If they don't match, the request wasn't signed by Amazon.

You'll need access to the untouched raw body for this module to work.
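Added example, not part of the original thread and not alexa-verifier's own code: it shows why a body rebuilt from the parsed object fails a signature check even though the data is identical. The key pair, the `RSA-SHA256` choice, the sample body and the helper names (`signBody`, `verifyBody`, `firstDiff`, `demo`) are assumptions made for the demonstration.

```javascript
// Added example: constructed key pair and body, not Amazon's certificate or real Alexa traffic.
const crypto = require('crypto');

// Stand-in for the key behind the certificate at cert_url (constructed for the demo).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender side: the signature covers the exact characters put on the wire.
function signBody(rawBody) {
  return crypto.createSign('RSA-SHA256').update(rawBody, 'utf8').sign(privateKey, 'base64');
}

// Receiver side: check the header signature against whatever body string we hold.
function verifyBody(body, signature) {
  return crypto.createVerify('RSA-SHA256').update(body, 'utf8').verify(publicKey, signature, 'base64');
}

// Debugging aid: index of the first character where two strings differ, -1 if equal.
function firstDiff(a, b) {
  const n = Math.min(a.length, b.length);
  for (let i = 0; i < n; i++) if (a[i] !== b[i]) return i;
  return a.length === b.length ? -1 : n;
}

// Constructed sample: the body as sent, whitespace and key order included.
const rawBody = '{"name":"ray", "age":8}';
const signature = signBody(rawBody);

// What a platform that pre-parses the body lets you rebuild.
const parsed = JSON.parse(rawBody);
const reserialized = JSON.stringify(parsed); // the space after the comma is lost
const reordered = JSON.stringify({ age: parsed.age, name: parsed.name });

function demo() {
  return {
    raw: verifyBody(rawBody, signature),
    reserialized: verifyBody(reserialized, signature),
    reordered: verifyBody(reordered, signature),
    firstDifference: firstDiff(rawBody, reserialized),
  };
}

console.log(demo());
```

Only the untouched string verifies; a single dropped space is enough to fail, so the raw body has to be captured before any JSON parsing happens.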

mreinstein commented 7 years ago

@cfjedimaster any updates? Inclined to close this without more feedback as it sounds like something having to do with userland code.

cfjedimaster commented 7 years ago

Very sorry I never got back to you. The OpenWhisk platform added support for getting the raw body input and that was all it took. I've got one skill publicly released and working on my second. Thank you so much for making your library so darn easy to use - it is really appreciated!

mreinstein commented 7 years ago

My pleasure! Let me know if anything else comes up.