Autentication hash fails on long request bodys

[vdiorio]

What happened

I'm developing an app for a company that sends really long messages on channels. I'm generating autentication hashes following the step-by-step process in documentation. It works fine on small messages, but fails on long request bodys.

Expected behavior

Autentication tokens should work on any size of request.

Steps to reproduce

Just try to hash a long request.
Here's an exemple: https://pastebin.com/LXph5eD6

[brainexe]

mhm, I tested a similar sized response and it worked quite good. As we don't have your signing key it's a bit hard to reproduce your example 🛡️

But could you post the code where you're validating the signature based the incoming request...maybe there is something odd.

[vdiorio]

    const signature = 'v0:' + timestamps + ':' + JSON.stringify(req.body);
    const key = 'v0=' + crypto.createHmac('sha256', process.env.SLACK_SECRET).update(signature).digest("hex");
    if (SLACK_SIGNATURE !== key) return res.status(401).json({key});

The key this code generates is different from the header signature slack sends.
It works fine on small comments