我正在尝试使用HMAC验证签名以获取API服务
他们的文件
必须验证X-Line-Signature请求标头中的签名,以确认该请求是从LINE平台发送的。
身份验证按如下方式执行:
The signature in the X-Line-Signature request header must be verified to confirm that the request was sent from the LINE Platform.
Authentication is performed as follows:
1)With the channel secret as the secret key, your application retrieves the digest value in the request body created using the HMAC-SHA256 algorithm.
2)The server confirms that the signature in the request header matches the digest value which is Base64 encoded.
这是nodejs的实现
const crypto = require('crypto');
const signature = crypto.createHmac('SHA256', doc.line.channelSecret).update(JSON.stringify(req.body)).digest('base64');
但生成的签名和标题中的签名不匹配
已更新
const crypto = require('crypto');
const channelSecret = ...; // Channel secret string
const body = ...; // Request body string
const signature =
createHmac('SHA256', channelSecret)
.update(body).digest('base64');
// Compare X-Line-Signature request header and the signature