I'm trying to implement an authentication middleware in php for the webhook callback of azures speech to text api.
I would like to make use of the X-MicrosoftSpeechServices-Signature header for this. The docs state, that this is the sha256 encrypted value of the payload with the secret as its key.
Let's say the webhook sends back a request like:
{
"self":"https:\/\/southcentralus.api.cognitive.microsoft.com\/speechtotext\/v3.0\/transcriptions\/be783fbc-2836-480b-b678-76363dc0d0a7",
"invocationId":"d00d3f00-2122-4c81-b5e6-1ce026805e7d"
}
And the header is like (the secret was: aBdneoSDSDjw34dfsd2)
"x-microsoftspeechservices-signature":"zsPn2yNhsx9XYABxSqCtNHh3bnCMFL4zGTsdUhGjAGw="
So, according to the docs, I could encrypt the payload in sha256 with my secret and should get the same signature, right?
$secret= "aBdneoSDSDjw34dfsd2";
$sig = $request->header("X-MicrosoftSpeechServices-Signature");
$data = json_encode($request->getContent());
$sign = hash_hmac(
'sha256',
$data ,
$secret,
true //use binary necessary??
);
dd($sig, $sign);
Unfortunately, the values do not match. Since the signature looks like it's base64 encoded additionally, I tried that also:
dd($sig, base64_encode($sign ));
And at least the character length is the same, but it's still no match. What am I missing here?
I got it to work with the following python snippet:
hmac_key = '1234567890'
# In case of 'x-microsoftspeechservices-event': 'TranscriptionCompletion'
if (event.get('body')):
hmac_digest = hmac.new(hmac_key.encode(), event['body'].encode(), digestmod=hashlib.sha256).digest()
b64dig = base64.b64encode(hmac_digest).decode()
# In case of 'x-microsoftspeechservices-event': 'Challenge'
elif (event.get('queryStringParameters')):
hmac_digest = hmac.new(hmac_key.encode(), event['queryStringParameters']['validationToken'].encode(), digestmod=hashlib.sha256).digest()
b64dig = base64.b64encode(hmac_digest).decode()
else:
b64dig = ""
print (b64dig)
print (event['headers']['x-microsoftspeechservices-signature'])
if b64dig == event['headers']['x-microsoftspeechservices-signature']:
print ('valid')
else:
print ('invalid')
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.