This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the algorithms category.
Last Updated: 2024-10-12
When trying to get Stripe signature verification working in Laravel, I faced an issue where the signature verification kept failing.
Here was how the signature was computed:
<?php
private static function computeSignature($payload, $secret)
{
return \hash_hmac('sha256', $payload, $secret);
}
As for the $payload
parameter, I passed in the following to a function way up
the abstraction ladder:
<?php
$request->input() // Laravel parses this into a PHP array.
Anyway when I inspected what went down to computeSignature()
it was Array
-
the literal word array.
What I should have done was taken the raw string input and passed that down.
<?php
$request->getContent()
When working with code that takes the hash of things, the exact object/type is as important as the content. Usually it should be a string.