Hi!
According to my implementation, the only way to get a 403 error is when the signature is invalid, the problem is that doing manual tests the endpoint works like this, returning a 403 error, but when it comes to doing the complete flow creating the sub, twitch don’t request my callback url with the signature, in the nginx logs, i see that twitch dont request the callback url.
app.post('/notification', (req, res) => {
console.log("xxxxxxxxxxx type BEFORE", req.header("Twitch-Eventsub-Message-Type"))
if (!verifySignature(req.header("Twitch-Eventsub-Message-Signature"),
req.header("Twitch-Eventsub-Message-Id"),
req.header("Twitch-Eventsub-Message-Timestamp"),
req.rawBody)) {
console.log("xxxxxxxxxxx type FAIL", req.header("Twitch-Eventsub-Message-Type"))
res.status(403).send("Forbidden") // Reject requests with invalid signatures
} else {
console.log("xxxxxxxxxxx type", req.header("Twitch-Eventsub-Message-Type"))
if (req.header("Twitch-Eventsub-Message-Type") === "webhook_callback_verification") {
originalBody = req.body
if (req.body !== undefined){
message = req.body.subscription.id + req.body.subscription.created_at + req.body
signature = crypto.createHmac('sha256', secretito).update(message) // Remember to use the same secret set at creation
expectedSignatureHeader = "sha256=" + signature.digest("hex")
}
parameters = {
subscription: req.body.subscription,
id: req.body.subscription.id,
timestamp: req.body.subscription.created_at,
sub_type: req.body.subscription.type,
challenge: req.body.challenge,
broadcaster_user_id: req.body.subscription.condition.broadcaster_user_id,
signature: expectedSignatureHeader,
rawBody: originalBody,
access_token: access_token
}
axios.post(
django_backend + "/activate-subscription",
parameters
)
.then((response) => {
res.send(req.body.challenge)
})
} else if (req.header("Twitch-Eventsub-Message-Type") === "notification") {
if (req.body.subscription.type == "channel.follow"){
axios.post(
django_backend + "/shoot-ws",
{
uid: req.body.event.broadcaster_user_id,
viewer: req.body.event.user_name,
streamer: req.body.event.broadcaster_user_login,
content_type: req.body.subscription.type,
redemption: {
user_input: "",
redeemer_user: "",
redepmtion_id: "",
reward_id: ""
},
content_raw: "",
content_message: "",
access_token: access_token
}
)
.then((response) => {
res.send(req.body.event)
})
}
}
}
})
for now, i’ll go to make tests with the lib that you are use (twitch-cli) for discover the reason of this behavior, thanks for your help!! <3