Hello ! Is it possible to get in contact with the ...
# announcementsg
gentle-morning-2222
02/09/2023, 8:43 PMHello ! Is it possible to get in contact with the "Java expert"? I am having trouble with the encryption for the webhook and I am pretty sure my issue can be solved by someone that had experience setting up webhooks with Java
gentle-morning-2222
02/10/2023, 2:44 PM@fresh-football-47124 hey sorry to bother. Could you tag the Java expert here? Not urgent but if they have some time today, it would be appreciated
f
fresh-football-47124
02/10/2023, 2:44 PM
sure thing
❤️ 1
g
gentle-morning-2222
02/10/2023, 5:59 PMWhat is their @ ?
f
fresh-football-47124
02/10/2023, 6:00 PM
@better-magician-65629 she should be able to help you in about an hour or so
g
gentle-morning-2222
02/10/2023, 6:00 PMWonderful. Thanks a lot
b
better-magician-65629
02/10/2023, 8:17 PMhi @gentle-morning-2222 do you mind sharing the following info:
• code sample of your implementation
• which web framework you're using and the version
• the error you're receiving (and which line in the code sample provided it happens at)
it'll allow me to narrow down where you may be experiencing the issue.
you may find this example implementation in javascript useful. the cryptography would be a similar approach but in java: https://github.com/growthbook/examples/blob/main/webhooks-impl/middleware/authenticateWebHooks.js
one of the places where webhook signature verification could go wrong is if you have some kind of middleware layer when getting the request body and it transforms the request body (so it isn't verbatim as was sent). you need the raw request body without it having been processed by any middleware to use for the comparison otherwise the signature verification would fail, even if the crypto stuff is implemented correctly. in express, for example, we need to use the raw body middleware to get access to the body before it is transformed by other middleware. how this is done in java depends on the web framework you're using.
also, before doing a signature verification with a time-safe equal compare function, you will need to ensure both strings are the same length as time-safe compare will not allow you to compare strings of different sizes in most libraries.
we don't yet have an example implementation in java but this should hopefully help.
better-magician-65629
02/10/2023, 8:28 PMyou may also find some links in this google search helpful as many companies use this approach for webhook signature verification.
g
gentle-morning-2222
02/10/2023, 8:28 PMMy only concern at the moment is translating this node example in Java. I can never get it to work
gentle-morning-2222
02/10/2023, 8:29 PMDo you have a Java code sample that works?
b
better-magician-65629
02/10/2023, 8:29 PMat this time we do not have a java example. can you share what you've tried so we can troubleshoot what went wrong with your attempt?
better-magician-65629
02/10/2023, 8:30 PMplease share the following:
• code sample of your implementation
• which web framework you're using and the version
• the error you're receiving (and which line in the code sample provided it happens at)
g
gentle-morning-2222
02/10/2023, 8:30 PMI have tried multiple things. I'll send you the code snipet privately
b
better-magician-65629
02/10/2023, 8:30 PMyeah feel free to DM me, thanks
28 Views