ruimarinho / authy-client

A complete Authy client with support for TOTP, OneTouch, Phone Verification and Phone Intelligence APIs

Signature validation requires the presence of "approval_request" #10

Closed (holm closed 7 years ago)

holm commented 8 years ago

The signature validation asserts that the body contains "approval_request". I think this restriction should be lifted, so the validation can also be done when the endpoint is validated in the Authy dashboard. In the test request from Authy the "approval_request" is not present.

ruimarinho commented 8 years ago

I would rather not relax this assert if production data requires it. Shouldn't they send approval_request on their test endpoint instead? I'll email them about this.

ruimarinho commented 8 years ago

@holm just a heads-up that I continue to discuss this with Authy support.

holm commented 8 years ago

Thanks for the update, can understand that. It is not exactly the most logical thing to have a test different from the actual payload, unless they have plans to use the hook for other events.

ruimarinho commented 8 years ago

No further feedback from Authy Support received yet.

holm commented 7 years ago

It seems they have changed the validation to support sending approval_request data. So this should be good to close.

ruimarinho commented 7 years ago

Thanks for confirming that. Removing the label.