verifyWebhook is not static
trevorhimma opened this issue · 3 comments
Hey,
Regarding webhooks, there's a snippet in your readme:
// signature comes from the HTTP header x-signature
boolean valid = App.verifyWebhook(body, signature)
However, this method is not static and cannot be called like that. We could do something like this atm:
App.get().request().verifyWebhook(body, signature)
or
new App().verifyWebhook(requestBody, signature)
It seems a bit too much in this case though and I'd prefer static.
SDK version: 1.3.0
I also have one related question - is the Event object kind of meant to be used as Java equivalent of the push webhook body contents? The structure is almost the same, but there are some important differences like member vs members, thus making it not compatible at the moment.
Hey @trevorhimma. First of all thank you for opening this Issue!
-
With current implementation i absolutely agree that creating an instance of App to call verifyWebhook does not make any sense. But we have a plan to remove hardcoded SDK credentials and pass them to an SDK instance instead. In this case creating App instance would make sense. On the other hand, currently, we could add something like
public static boolean verifySignature(payload String, signature String, secretKey String) -
In spite of data structure of published events from SDK is similar to the webhook payload we don't have a plan to support it in our SDK because they are parts of different contexts. So better to not use Event data structures to decode webhook payloads.
Thanks for the reply!
I did create custom object for webhook services and it's working nicely. When you publish a new version of verifyWebhook usage/alternative I'll be sure to use that as well, instead of the current workaround..
But no rush from my side as the workaround does exist and I'm glad that somebody is actively developing this library and I'm really looking forward to permissions v2 :)