You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You aren't updating with the payload body. Are you using this successfully in production for an older version of the API? The current API version requires using the payload to verify the request:
To validate the payload:
1. Generate a SHA1 signature using the payload and your app's App Secret.
2. Compare your signature to the signature in the X-Hub-Signature header (everything after sha1=). If the signatures match, the payload is genuine.
But I use Fastify as a framework so I'd like the option of either just passing in the buffer (not actually supported in Fastify without a few tricks...yet), or perhaps just passing in the body object which could be turned back into a buffer for the check. I doubt this is the most performant way but not sure if it's really a big deal.
Probably the only thing I'd urge against is making any assumptions on the framework. :-)
I've noticed that when creating the hash here:
fb-messenger-bot-api/src/validation/ValidateWebhook.ts
Line 79 in 5a2c6be
You aren't updating with the payload body. Are you using this successfully in production for an older version of the API? The current API version requires using the payload to verify the request:
https://developers.facebook.com/docs/graph-api/webhooks/getting-started#verification-requests
The text was updated successfully, but these errors were encountered: