Can't validate eventHook signature, help!

Question

Can't validate eventHook signature, help!

zheng-liu-seattle opened this issue 5 months ago · 1 comments

zheng-liu-seattle commented 5 months ago

 const signature = req.headers[
   EventWebhookHeader.SIGNATURE().toLowerCase()
  ] as string;
  const timestamp = req.headers[
    EventWebhookHeader.TIMESTAMP().toLowerCase()
  ] as string;

  const payload = JSON.stringify(req.body).split('},{').join('},\r\n{') + '\r\n';

  if (!signature || !timestamp) {
    res.status(401).json(UNAUTHORIZED);
    return;
  }
  try {
    const eventWebhook = new EventWebhook();
    const isValid = eventWebhook.verifySignature(
      eventWebhook.convertPublicKeyToECDSA(publicKey),
      payload,
      signature,
      timestamp
    );
    }

isValid is always false... verified both timestamp and signature are there.

Answer 1 · 2024-08-26T21:37:40.000Z

I spent days looking into this, using the EXACT code supplied by Sendgrid. Spent weeks with their support team who just kept sending me the same stackoverflow links that I'd already read.
In the end I decided to remove the equivalent to this in their python code.
const payload = JSON.stringify(req.body).split('},{').join('},\r\n{') + '\r\n';

I then removed it from the node js code and it worked.
Poor documentation. The forums are full of it.