I'm using Gigya Comment Notification service in my node app and trying generate a valid signature. I have followed this documentation, but my code generate wrong hash.
This is my code:
var crypto = require('crypto');
var params = [the notification object from the request];
var eventData = JSON.stringify(params.eventData);
var text = params.event + '_'
+ eventData + '_'
+ params.nonce + '_'
+ params.timestamp;
var secret = new Buffer('Qmxxxxxxxxxxxxx...xxxxxxw=', 'base64');
var hash = crypto.createHmac('sha1', secret).update(text).digest('base64');
if (hash !== params.signature) {
console.log('Not ok')
} else{
console.log('Ok')
}
I think the signature base (text variable) construction may not valid. This is what my text variable contains (with fake datas):
newComment_[{"categoryID":"category","streamID":"stream","commentID":"123","comment":{"ID":"123","etc":"foobar","timestamp":1447078842653,"threadTimestamp":1447078842653,"status":"published"}}]_aaaaaaaa-bbbb-cccc-dddd-ffffffffffff_1447078842
How can I generate the right signature?
Your signature base construction looks correct, although a nonce doesn't generally have any dashes in it.
The most common reason for a generating an incorrect signature is using the incorrect Secret Key.
Your partner's Secret Key is provided in BASE64 encoding, at the bottom of the Sites Table in the Dashboard section in Gigya website (please make sure that you are logged in to Gigya's website and that you have completed the Gigya's Site Setup process). Please make sure that you are using the partner's Secret Key and not your user's Secret Key.