07-07-2016 06:37
07-07-2016 06:37
Hi,
please, someone can help me with this.
I'm trying to verify the X-Fitbit-Signature (node.js)
var hmac = crypto.createHmac('sha1', FITBIT_CLIENT_SECRET + '&');
var requestHash = hmac.update(req.body.toString()).digest('base64');
if (requestHash !== req.get('x-fitbit-signature')) {
.........
something is worng, I never get a succes calculated hmac digest.
I can recieve the notificatios.
Answered! Go to the Best Answer.
07-07-2016 12:06
07-07-2016 12:06
solved
var data = JSON.stringify(req.body);
var requestHash = hmac.update(data).digest('base64');
07-07-2016 12:06
07-07-2016 12:06
solved
var data = JSON.stringify(req.body);
var requestHash = hmac.update(data).digest('base64');
07-11-2016 11:21
07-11-2016 11:21
@clarisa: One important detail: You should verify the signature *before* you JSON.parse the request body. JavaScript does not guarantee Object property ordering, which means that the body string sent by the server may not be the same string returned by JSON.stringify.
07-11-2016 13:27
07-11-2016 13:27
Many thanks for the recommendation!!!