I am getting pretty far in developing my app, so I’m trying to get ahead of security and make my app verify the signature of SmartThings requests to my WebHook App and I’m having a not so great time at it.
I am not using the node or java JDKs, so I’m having to roll my own implementation of the request parser. I haven’t found anything that would do this in ruby as an analog to
I THINK my problem is in forming the signatureString for verification. I THINK I have everything else correct.
String algorithm: (request-target) digest date
signature => <request_signature> signatureString => "(request-target): post https://app.sample.com/ digest: <request_digest> date: Fri, 12 Mar 2021 21:19:30 UTC" public_key.verify(digest, signature, signatureString) => FALSE
Am I formulating the signature string wrong here? I’m at a loss as to why I’m having trouble validating the signature.