Regarding the Uber documentation, I'm trying to verify in order to trust the POST in our API.
https://developer.uber.com/docs/riders/guides/webhooks#security
To do so, I'd need to encrypt with a client_secret in sha256.
Im doing that in Go language.
My issue is, I can't have the same encrypted message than the Uber-Signature.
Here's the code used:
package main
import (
"fmt"
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
)
func main() {
secret := "mySecretCode"
msg := `{"event_id":"af4189d4-6a4c-48b5-ab83-8a59d6b03284","resource_href":"https://sandbox-api.uber.com/v1/requests/f09bdc07-509b-4d91-859c-8883ac7fc04a","meta":{"status":"processing","rider_id":"8LSgK24vbx3bcLWThqQyMI_1T_ErGeb1SIHAO3wHX4ycPNvKGf_WsNf14PgVW8el7cBA_lemjMxKkcngZk945K_fCMXQARIfNZ8QOv7VWoQnwpSmUSKUgnYE1WEk-aHyrA==","user_id":"eb0e5df4-3d65-40a0-aff7-40bf06e15727","resource_id":"f09bdc07-509b-4d91-859c-8883ac7fc04a"},"event_type":"requests.status_changed","event_time":1554990665}`
fmt.Printf("Secret: %s Data: %s
", secret, msg)
h := hmac.New(sha256.New, []byte(secret))
h.Write([]byte(msg))
encodedMsg := hex.EncodeToString(h.Sum(nil))
fmt.Println(encodedMsg)
}
I'm expecting this: 3795f9ad1c5fe0ae4cd0d10d7a60ccb9f4409c3ae23eb0d0e448fb509f994faf
But I got this: 350b4ed376e3e4a490dfa7ed4701da7be46e9454d5893bc63f5040bffde19fa8
Here's the code: https://play.golang.org/p/PHPFIDxXA8T
Any idea why?