Description
When I set a Configure URL it does return user_id and signature. Can anyone tell me how to decode the signature? So I can verify the request is valid.
Error
No Error
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth Admin Level App.
Configure URL
Which Endpoint/s?
Configure URL
How To Reproduce (If applicable)
Steps to reproduce the behavior:
set up a Configure URL which redirects to your app with user_id and a signature.
@will.zoom, I had already checked that thread. I wanted to verify the signature and then I will allow the user to see my admin level application. Is there a way to decode or verify the signature or use it as a token to call the access to “GET User endpoint”?
configure_url?user_id={} isn’t feel secure alone without verifying signature. I would like to verify the signature parameter also.
Thanks!
While the signature that is appended to the configure URL is not intended to access the GET User endpoint for verification purposes, you should take the user_id from the query parameter appended to the configure URL to call the GET User endpoint.
Since this will return the account ID of the user, you can use this to verify that the request is valid/secure. If the account ID did not match that of the user (this shouldn’t happen), you could conclude the request is invalid.