Skip to content

feat(webhook-callbacks): add support for verifying http request signatures #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat(webhook-callbacks): add support for verifying http request signatures #144

wants to merge 3 commits into from

Conversation

hamzamahmood
Copy link
Collaborator

Why

To ensure secure handling of incoming webhook and callback requests, we need to validate their authenticity. Without signature verification, there is a risk of processing spoofed or tampered requests. Adding a standard verification mechanism also makes it easier to plug in custom verification strategies as needed.

What

  • IHttpRequstData interface added to handle asp.net and asp.netcore requests
  • Introduced ISignatureVerifier contract to enable pluggable custom verification implementations.
  • Added configurable HMAC signature verification as the default implementation.
  • Implemented DigestCodec with support for Hex, Base64, and Base64Url encodings.
  • Added unit tests to validate the correctness of signature verification.

Type of change

Select multiple if applicable.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause a breaking change)
  • Tests (adds or updates tests)
  • Documentation (adds or updates documentation)
  • Refactor (style improvements, performance improvements, code refactoring)
  • Revert (reverts a commit)
  • CI/Build (adds or updates a script, change in external dependencies)

Testing

Unit tests for the signature verification have been added

Checklist

  • My code follows the coding conventions
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added new unit tests

@hamzamahmood
feat(webhook-callbacks): add support for verifying http request signa…
7cde5a1 
…tures

- Adds a ISignatureVerifier contract for custom signature verification
- Adds configurable HMAC signature verification
- Adds test for signature verification
- Adds DigestCodec hex, Base64 and Base64Url support
@hamzamahmood hamzamahmood self-assigned this Sep 8, 2025
@hamzamahmood hamzamahmood added the enhancement New feature or request label Sep 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sufyankhanrao sufyankhanrao Awaiting requested review from sufyankhanrao

At least 1 approving review is required to merge this pull request.

Assignees

@hamzamahmood hamzamahmood

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hamzamahmood