search

mreinstein / alexa-verifier

✓ Verify HTTP requests sent to an Alexa skill are sent from Amazon
MIT License
76 stars 23 forks source link

invalid signature (not base64 encoded) #47

Closed Tabs13 closed 6 years ago

Tabs13 commented 6 years ago 
var verifier = require('alexa-verifier');
console.log(req.headers.signature);
/*
console value of signature
cezVeGIQZ2acr6cmNOC/SoytfBxk35aZluOMAHFImvD2A3EUdXgN/98zxAnbySet6bWLLRY7nb4gSeM8tERBOPSFhlU8q6pN40hHnYP6ELxk2mpCUeyXJmOIGCaVxAVZBohrr7XM/xgrMmWLDZNVTWmSYw0Tkrg0U7EpS/SpkqiulffVpiZE4fO9btpY1D7zBjBYuu/6GYQElc63OcCTuFH1smXK0jCldWdk1SvZ04uyLitxLcpzpRpjZ5Tii34pP1NtMnJLakf9BX26Ko98N4Q8m1j8H06 uaDiDbKNYt48ZX5jnfPh4pO1KyKVaLT0t45ocPQq91pKR9GSxdjAsQ==
*/
console.log(typeof req.headers.signature);
var rawBody = req.body;
//var rawBody = JSON.stringify(req.body);//Had even tried stringifying the body

verifier(req.headers.signaturecertchainurl, req.headers.signature, rawBody, function(passes) {
console.log(passes);
//console gives
//Invalid signature (not base64 encoded)
});
mreinstein commented 6 years ago

@Tabs13 how is req.body being populated? I suspect that you probably have some middleware or parser doing something to the request body which is altering it from it's raw state. Can you share more code?

mreinstein commented 6 years ago

Still waiting on feedback, I can't help you debug this without more information. I'm under the impression this is an error on how the request body is being passed to alexa-verifier