Description
When I set a Configure URL it does return user_id and signature. Can anyone tell me how to decode the signature? So I can verify the request is valid.
Error
No Error
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth Admin Level App.
Configure URL
Which Endpoint/s?
Configure URL
How To Reproduce (If applicable)
Steps to reproduce the behavior:
set up a Configure URL which redirects to your app with user_id and a signature.
Screenshots (If applicable)
Hey @pritam1,
Does this thread help answer your question?:
As a side note, a user would need to be logged in to access your configure URL, in case this was part of your concern.
Let me know if this helps to clear things up!
Will
@will.zoom, I had already checked that thread. I wanted to verify the signature and then I will allow the user to see my admin level application. Is there a way to decode or verify the signature or use it as a token to call the access to “GET User endpoint”?
configure_url?user_id={} isn’t feel secure alone without verifying signature. I would like to verify the signature parameter also.
Thanks!
Hi @pritam1,
While the signature that is appended to the configure URL is not intended to access the GET User endpoint for verification purposes, you should take the user_id from the query parameter appended to the configure URL to call the GET User endpoint.
Since this will return the account ID of the user, you can use this to verify that the request is valid/secure. If the account ID did not match that of the user (this shouldn’t happen), you could conclude the request is invalid.
I hope this helps to clarify!
Best,
Will
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
