Validating signatures

dudec · 2019-08-03 21:00:30 UTC

Hi, I am receiving these errors (4) after following this tutorial and trying a functional test…

The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL.

Can’t seem to find much online for the index.js file that isn’t the ask sdk

Thanks!

jan · 2019-08-05 19:41:56 UTC

Does this part in the Docs help? https://www.jovo.tech/docs/hosting/express-js#verification

dudec · 2019-08-08 16:42:59 UTC

Thought I tried that but obviously not! Thanks!

marktucker · 2020-09-11 14:56:28 UTC

@jan I am using Lambda deploy but have a LOCAL stage that uses the the Jovo webhook for testing. Even though it is LOCAL, Amazon is requiring me to run the Certification Validation step so that I can setup a Beta Test. I use beta test in LOCAL to test on other devices in my household.

I am getting the following error and want to know what else I should change:

Error:

The skill end-point is not validating the signatures for incoming requests and is accepting requests with an empty signature URL. Please make sure that your signature validation is correct. To reject an invalid request with an invalid signature or certificate, the skill should respond with HTTP status code 400 (Bad Request) in the response.

With this link:
https://developer.amazon.com/en-US/docs/alexa/custom-skills/host-a-custom-skill-as-a-web-service.html#cert-verify-signature-certificate-url

index.js

'use strict';

const { WebhookVerified, Webhook, ExpressJS, Lambda } = require('jovo-framework');
const { app } = require('./app.js');

// ------------------------------------------------------------------
// HOST CONFIGURATION
// ------------------------------------------------------------------

// ExpressJS (Jovo Webhook)
if (process.argv.indexOf('--webhook') > -1) {
  const port = process.env.JOVO_PORT || 3000;
  Webhook.jovoApp = app;

  Webhook.listen(port, () => {
    console.info(`Local server listening on port ${port}.`);
  });

  Webhook.post(['/webhook','/webhook_alexa'], async (req, res) => {
    await app.handle(new ExpressJS(req, res));
  });
}

// AWS Lambda
exports.handler = async (event, context, callback) => {
  const lambdaHandler = new Lambda(event, context, callback);

  if (process.env.NODE_ENV === 'UNIT_TEST') {
    lambdaHandler.hasWriteFileAccess = true;
  }

  await app.handle(lambdaHandler);
};

What changes do I need to make?

AlexSwe · 2020-09-11 15:58:25 UTC

Hey @marktucker

Unfortunately, it won’t work with the jovo-webhook. (This would allow using the webhook in live skills)

Can you change skill endpoints while the beta test is active?

marktucker · 2020-09-11 16:06:28 UTC

I’m trying that workaround now.

curiosopher · 2021-08-24 14:09:51 UTC

We’re returning the 4 errors that @dudec experienced. We followed the tutorial that @jan recommended, but we’re still getting the same validation errors. We have a certificate from AWS. Has anyone else worked through this issue?