Help with verify EventSub signature

I am working on getting the new eventsub stuff fully integrated with my node bot, and the last part I am having an issue with is verifying the signature. I understand most of what is needed, but I am coming up short on the part about the raw bytes of the request body. I am using nodejs and express and have seen some of the examples @BarryCarlyon has shown for the x-signature, but am not quite sure I follow that for eventsub.

Also shout out to the twitch devs for adding an error message to the event sub after my last problem about using an a non standard port. I forgot to change my callback URL after I setup my new server and was greeted with a nice message that I was using a non standard port and I needed to fix it.

NodeJS example of EventSub Sig verficiation

Speifically line 38

I have it setup the same way for EventSub as Webhooks

1 Like

Thanks I will take a look at the git work through the code. Thankfully you use meaningful comments so I should be able to figure it out :slight_smile: I am still somewhat new to using middleware in express and that was tripping me up.


I’m actually bad at commenting my code for other people

So my github for examples was a conscious effort to add them in.

Middleware saves time for running the same code against multiple routes. So it is handy.

Got it all working, your code was a help, though I still don’t fully understand the buf part of the body parser middleware. That is on me though, thanks for the assist.

TLDR: buf will contain the raw message.

If you were not using buf (short for buffer), a korean/french/german streamer with a localized display name or title written in French/German etc using u with umlauts, for example ä, ö, ü

Then the content would be encoded different and you would get a different verification result and your generated verficiation won’t match the one Twitch sent

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.