Im having problem with the proxy signature verification.
I fallow the steps on this link:
And i endUp with this test code on node js with express to validate the signature:
const SHARED_SECRET = '<My App scret key>' const query_signature = req.query.signature const sorted_params = "extra=1,2path_prefix="+req.query.path_prefix+"shop="+req.query.shop+"timestamp="+req.query.timestamp let calculated_signature = crypto.createHmac('sha256', SHARED_SECRET).update(sorted_params).digest('hex') if(query_signature == calculated_signature) return True
when i check the data on console, they are diferent:
console.log("query:",req.query.signature) console.log("hash: ",calculated_signature)
Node: Im using the App secrete key to generate the calculated_signature but I think there is something wrong with this because every app have a diferent App secrete key so, form me it does not make sence because the store only send one signature and the calculated_signature might change depending the App secrete key.
Can some one tell me what Am I doing wrong?
I would appreciate any help
Solved! Go to the solution
This is an accepted solution.
guys I was actually able to solve the issue.
The problem wass that i was using this to make the signature:
const sorted_params = "extra=1,2path_prefix="+req.query.path_prefix+"shop="+req.query.shop+"timestamp="+req.query.timestamp
But I wass receiving this:
As you can see the extra=1,2 paragram is not send by the request, So I only changed sorted_params value to this:
const sorted_params = "path_prefix="+req.query.path_prefix+"shop="+req.query.shop+"timestamp="+req.query.timestamp
And it start working.