-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid signature on incoming request #1696
Comments
@mhjb there should be req.rawBody available if you are using your own express server
|
Thanks @batamar — but I'm not using my own express server. |
@mhjb are you still experiencing this? |
Hey @benbrown I am still experiencing this issue as of botkit 4.0.1. Any reason why this is happening? |
I'm having the same issue, and not using my own express server either |
Sorry for the slow reply, @benbrown ; I'm not sure, actually; the project has moved along a bit. I did see that one gets this error when |
This seems to be caused by This issue still exists after moving to v4.5 release |
@PXMYH are you saying that, when correctly configured, this verifySignature function does not properly verify the incoming webhooks? |
Any update on this? How do we test Facebook locally? Is it impossible? |
I'm still getting this in a botbuilder bot when testing locally. app_secret is set correctly. I know this because the bot worked when running without the adapter in azure, but since that's going away on December 16th, I want to get it working in adapter form before then. |
In case it's helpful, here's an example of where I'm using it my code (sorry, Coffeescript – you can translate with http://js2.coffee/) — which works locally (with ngrok), and remotely. |
@mhjb did you mean to include some code there? |
Sorry + thanks + I've edited my comment now. |
@q00u can you paste example code where you are initializing your adapter? |
I'm doing it exactly like it's shown in BotBuilder Basics (The token/secret values have been added to .env). |
@q00u Using the code below, I am not able to reproduce your issue. This is the same as BotBuilder basics, though it also includes the verification endpoint and the call to server.listen() that are not (yet) in the sample docs.
|
@q00u is there anything substantially different about your code? |
Nothing substantially different other than the two things you mentioned not being in the sample docs yet. You can connect to this with the emulator and it works? |
@q00u Sorry for the confusion about this: No, you cannot connect with the emulator to the bot using botbuilder-adapter-facebook. This adapter speaks the Facebook messenger protocol, not the Bot Framework protocol. It works differently than the ABS channel service. If you want to test with emulator, swap out the Bot Framework adapter for the Facebook one. |
It's now passing the Edit Callback URL verification, and the bot is running successfully on Facebook. Is that because of the endpoint verification section? Was that all I needed? |
The callback URL verification endpoint is necessary to change the URL in Facebook's settings. Previously I hadn't really considered that to be part of the necessary Adapter sample code, but I have since added it to the boilerplate example in the readme file. |
If you continue to experience this issue:
|
Context:
I'm upgrading this bot from botkit 0.6.2 to 4.0.
When I follow the code examples in the docs, and start the bot, with each message from Messenger, I get this error:
Experienced an error inside the turn handler Error: Invalid signature on incoming request
My (working) 0.6.2 code looks like (forgive the coffeescript if you can), stripping out a bit of guff:
My erroring new code looks like:
The text was updated successfully, but these errors were encountered: