C# gurus: a little help please with calculating the Subscription Notification signature?

It's probably something silly, but I can't for the life of me find the problem. Here's my (poor) code. The request is from the context of my ASP.NET Web API method, but note that the method has no parameters, otherwise reading the "raw" content would be more complicated.

        private async Task<bool> VerifyFitbitSignature(HttpRequestMessage request)
        {
            try
            {
                // Get the signature from the request.
                var fitbitSignatureBase64 = request.Headers.GetValues("X-Fitbit-Signature").First();
                log.Debug($"Notification signature--->{fitbitSignatureBase64}");

                // Get the content from the request as a byte array.
                var contentAsByteArray = await request.Content.ReadAsByteArrayAsync();
                log.Debug($"Notification updates---->{Encoding.ASCII.GetString(contentAsByteArray)}");

                // Create the key from the client secret appended with an ampersand '&' character.
                var keyAsString = ConfigurationManager.AppSettings["FitbitClientSecret"] + '&';
                var keyAsByteArray = Encoding.ASCII.GetBytes(keyAsString);

                byte[] calculatedSignatureAsByteArray;
                using (var maccer = new HMACSHA1(keyAsByteArray, true))
                {
                    calculatedSignatureAsByteArray = maccer.ComputeHash(contentAsByteArray);
                }
                var expectedSignatureBase64 = Convert.ToBase64String(calculatedSignatureAsByteArray);

                log.Debug($"Expected signature:------>{expectedSignatureBase64}");

                var match = fitbitSignatureBase64 == expectedSignatureBase64;

                return match;
            }
            catch (Exception e)
            {
                log.Error("Exception during Fitbit signature verification:", e);
                return false;
            }
        }

 

Best Answer
0 Votes
1 REPLY 1

Never mind, problem was with the JSON I was sending via Postman for testing. The code in the OP is working as long as there is no interstitial white space (no \n\r, no spaces outside the quotes). Hopefully this will save the next guy a bit of time. 

Best Answer
0 Votes