Closed holm closed 7 years ago
I would rather not relax this assert if production data requires it. Shouldn't they send approval_request
on their test endpoint instead? I'll email them about this.
@holm just an heads-up that I continue to discuss this with Authy support.
Thanks for the update, can understand that. It is not exactly the most logical thing to have a test different from the actual payload, unless they have plans to use the hook for other events.
No further feedback from Authy Support received yet.
It seems they have changed the validation to support sending approval_request
data. So this should be good to close.
Thanks for confirming that. Removing the label.
The signature validation asserts that the body contains "approval_request". I think this restriction should be lifted, so the validation can also be done when the endpoint is validated in the Authy dashboard. In the test request from Authy the "approval_request" is not present.