the verification will fail anytime the request contains double byte utf-8 encodings.
I believe that all requests from Alexa are UTF-8 encoded.
for example if the request contains the word "déjà vu".. validation will fail.
this seems to fix the issue:
// returns true if the signature for the request body is valid, false otherwise
function isValidSignature(pem_cert, signature, requestBody) {
...
verifier.update(requestBody); // this line can be modified to: verifier.update(requestBody,'utf8');
...
}
the verification will fail anytime the request contains double byte utf-8 encodings. I believe that all requests from Alexa are UTF-8 encoded.
for example if the request contains the word "déjà vu".. validation will fail.
this seems to fix the issue:
// returns true if the signature for the request body is valid, false otherwise function isValidSignature(pem_cert, signature, requestBody) { ... verifier.update(requestBody); // this line can be modified to: verifier.update(requestBody,'utf8'); ... }