Going through this implementation, I’m wondering, has this https://support.shotgunsoftware.com/hc/en-us/articles/115000025494-Securing-your-Action-Menu-Items ever be verified with any platform other than Python? I’m trying it in node, and having issues.
Here is a portion of my ported code that is not working form
is an object parsed from the request body:
const key = 'my-key';
const sortedParams = [];
for (const [k, v] of Object.entries(form)) {
if (k !== 'signature') {
sortedParams.push(`${k}=${v}`);
}
}
const stringToVerify = sortedParams.sort().join('\r\n');
console.log('stringToVerify:', stringToVerify);
const signature = crypto.createHmac('sha1', key).update(stringToVerify).digest('hex');
console.log('signature (form):', form.signature);
console.log('signature (hmac):', signature);
I have 3 suspicions, either the crypto implementation is different, the sorting, or I’m just missing something obvious.