06-24-2017 18:20
It's probably something silly, but I can't for the life of me find the problem. Here's my (poor) code. The request is from the context of my ASP.NET Web API method, but note that the method has no parameters, otherwise reading the "raw" content would be more complicated.
```csharp
private async Task<bool> VerifyFitbitSignature(HttpRequestMessage request)
{
    try
    {
        // Get the signature from the request.
        var fitbitSignatureBase64 = request.Headers.GetValues("X-Fitbit-Signature").First();
        log.Debug($"Notification signature--->{fitbitSignatureBase64}");

        // Get the content from the request as a byte array.
        var contentAsByteArray = await request.Content.ReadAsByteArrayAsync();
        log.Debug($"Notification updates---->{Encoding.ASCII.GetString(contentAsByteArray)}");

        // Create the key from the client secret appended with an ampersand '&' character.
        var keyAsString = ConfigurationManager.AppSettings["FitbitClientSecret"] + '&';
        var keyAsByteArray = Encoding.ASCII.GetBytes(keyAsString);

        byte[] calculatedSignatureAsByteArray;
        using (var maccer = new HMACSHA1(keyAsByteArray, true))
        {
            calculatedSignatureAsByteArray = maccer.ComputeHash(contentAsByteArray);
        }

        var expectedSignatureBase64 = Convert.ToBase64String(calculatedSignatureAsByteArray);
        log.Debug($"Expected signature:------>{expectedSignatureBase64}");

        var match = fitbitSignatureBase64 == expectedSignatureBase64;
        return match;
    }
    catch (Exception e)
    {
        log.Error("Exception during Fitbit signature verification:", e);
        return false;
    }
}
```

Labels: Subscriptions API
06-25-2017 20:24
Never mind, problem was with the JSON I was sending via Postman for testing. The code in the OP is working as long as there is no interstitial white space (no \n\r, no spaces outside the quotes). Hopefully this will save the next guy a bit of time.
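
Added example, not part of either post and not Fitbit's code: a stand-alone console program showing why the whitespace mattered. The HMAC-SHA1 is computed over the exact body bytes, so the same JSON with different spacing yields a different signature. The secret, the sample body, the class and method names, and the fixed-time comparison used in place of `==` are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FitbitSignatureDemo
{
    // HMAC-SHA1 over the raw body bytes, keyed with clientSecret + "&" (same scheme as the post above).
    static byte[] ComputeSignature(string clientSecret, byte[] rawBody)
    {
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(clientSecret + "&")))
        {
            return hmac.ComputeHash(rawBody);
        }
    }

    // Compare every byte instead of stopping at the first mismatch.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static bool Verify(string clientSecret, byte[] rawBody, string headerValue)
    {
        byte[] received;
        try { received = Convert.FromBase64String(headerValue); }
        catch (FormatException) { return false; } // malformed header value: reject
        return FixedTimeEquals(ComputeSignature(clientSecret, rawBody), received);
    }

    static void Main()
    {
        const string secret = "constructed-demo-secret"; // placeholder, not a real client secret
        // Constructed sample notification body, once compact and once pretty-printed.
        byte[] compact = Encoding.UTF8.GetBytes(
            "[{\"collectionType\":\"activities\",\"ownerId\":\"DEMO01\"}]");
        byte[] pretty = Encoding.UTF8.GetBytes(
            "[\r\n  {\"collectionType\": \"activities\", \"ownerId\": \"DEMO01\"}\r\n]");
        // Header value a sender would produce for the compact bytes.
        string header = Convert.ToBase64String(ComputeSignature(secret, compact));

        Console.WriteLine("compact body verifies: " + Verify(secret, compact, header));
        Console.WriteLine("pretty-printed body verifies: " + Verify(secret, pretty, header));
        Console.WriteLine("malformed header verifies: " + Verify(secret, compact, "not base64!"));
    }
}
```

Only the compact body verifies; when testing with a tool such as Postman, the signature has to be computed over the bytes that are actually sent.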

