Webhook verification

paribaker · March 11, 2023, 3:23pm

Does anyone have a python example for verifying the expo build webhook. Here is what I have so far, it is unclear to me if I need to do anything to the request body for the hash.

     data = request.json
     signature_from_header = request.headers.get(EXPO_AUTH_HEADER.lower()None)
     digest = hmac.new(bytes(EXPO_SIGNING_SECRET, 'UTF-8'), data, 
     digestmod=hashlib.sha256).digest()
    computed_hmac = base64.b64encode(digest)
    hmac.compare_digest(computed_hmac, hmac_header.encode("utf-8"))


I don't get the point of having incomplete docs...

paribaker · March 12, 2023, 4:27pm

For anyone else looking to use python:

def verify_webhook(data, hmac_header):
    # Calculate HMAC
    digest = hmac.new(bytes(EXPO_SIGNING_SECRET, 'UTF-8'), data, digestmod=hashlib.sha1).hexdigest()
    return hmac.compare_digest(f'sha1={digest}'.encode('utf-8'), hmac_header.encode("utf-8"))

The request body should be a bytes type array as should the final digest!

Topic		Replies	Views
Expo Developer Tools is disconnected from Expo CLI Expo Development Tools	2	1232	September 3, 2019
HmacSHA512 usage How to / Third Party Tooling	0	272	July 27, 2020
Has anyone added Sign in with Apple to their app? Expo SDK	3	1009	December 7, 2019
Crypto.digestStringAsync producing unexpected results Expo SDK	2	442	August 11, 2019
How to Hash Buffer with Expo for an array Expo SDK	3	1092	December 16, 2020

Webhook verification

Related Topics