#xingkong_63323
Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.
- xingkong_63323, 2 hours ago, 3 messages
Hi there!
Getting a SignatureVerificationError is quite common. It usually comes from two potential errors:
- You are using the wrong webhook secret. So please double check you are using the correct one. It should look like whsec_xxx and match the one displayed in your dashboard
- The payload you pass in the constructEvent function is not the raw payload. So you need to ensure that you get the raw body of the HTTP request that Stripe sent you, without any interference by your code or framework in the middle.
To debug this you'll need to add logging to every value you pass to constructEvent (the payload, the secret, and the signature header) and then we can try to have a look at what part is wrong
Have you tried what I suggested above?
You check the code you wrote in your webhook endpoint, print the variables (as explained above), and then check your server logs to see what the output is.
The logs seen on the Stripe platform are the same as the logs I printed after receiving them
Can you help look at the log on Stripe?
Hi! I'm taking over from my colleague. Please, give me a moment to catch up.
Can you help me check it
ok
com.stripe.exception.SignatureVerificationException: No signatures found matching the expected signature for payload
eventid : evt_3ODOhFAKQ4ll3SWp1PMvfIlE
This is the secret key of my hook: whsec_ MFNPFZ5w9eNzQ9osAZo6chldPXHZ2kJ0
Are you still there
Are you still there
Yes, I will take a look as soon as I can. It's busy today.
Are you sure you are using the correct webhook secret?
And there's no middleware that might modify the incoming webhook request in any way?
yes
private String getRequestBody(HttpServletRequest request) {
    StringBuffer sb = new StringBuffer();
    try (ServletInputStream inputStream = request.getInputStream();
         BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
    ) {
        String line;
        // readLine() returns each line without its line terminator
        while ((line = reader.readLine()) != null) {
            sb.append(line);
        }
    } catch (IOException e) {
        //log.error("Error reading data stream: {}", e);
    }
    return sb.toString();
}
I obtained the body through this method
I see you're using local listener, and the requests are handled successfully. Is it using the same application code?
The obtained payload is different, and the other code is the same
The local listener uses Spark's framework to obtain 'payload', while the server uses:
private String getRequestBody(HttpServletRequest request) {
    StringBuffer sb = new StringBuffer();
    try (ServletInputStream inputStream = request.getInputStream();
         BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
    ) {
        String line;
        while ((line = reader.readLine()) != null) {
            sb.append(line);
        }
    } catch (IOException e) {
        //log.error("Reading data stream exception: {}", e);
    }
    return sb.toString();
}
It means it's not your code that might be modifying the incoming request. It's likely the webhook secret that's incorrect, or your hosting provider/proxy modifies the incoming requests.
I don't quite understand
What am I going to do
Can you help me see the difference between the log parameters of the stripe platform and the logs printed by my service
I'll give you the parameter log I printed and the hook key. Can you help me try it out
My network has gone through proxy
Do you think this proxy might modify the requests in any way? Add/remove request headers?
I'm not very clear. We usually cannot access foreign websites and must have an agent to access them
I will provide you with all the parameters, and your side will help me verify them
I think this will require a deeper investigation. Could you please write to Stripe Support and my engineering team will take over the case: https://support.stripe.com/?contact=true
Is the plan I mentioned feasible? Just give the parameters and secret key to verify
What plan exactly?
You can take a look at the corresponding request log for the stripe, and I will give you the secret key to verify if it is correct
I can't do it manually.
Aren't you a technician
Stripe code verifies signatures, not employees.