Adobe Developer

jasonhampleman · 7/12/21

Having gone through all the Tutorial Steps here (https://www.adobe.io/apis/experiencecloud/cloud-manager/docs.html), and having my Slack webhook App in place, when a Pipeline job runs, it does hit the Webhook, however, in the Response Body, I get this (403) error back:
Error: x-adobe-signature HMAC check failed

Has anyone successfully got Adobe Cloud Manager Pipeline notifications working with Slack? If so, any ideas would be greatly appreciated.

To be clear, I built the App using Glitch.com per the instructions. The App is working. My Slack Webhook is working and installed. Please do not direct me back to the Documentation... I've already completed the tasks and read the documentation numerous times. Thanks!

shikhartanwar · 7/14/21

Hi @jasonhampleman: The error that you are encountering is because of a signature mismatch as mentioned in step 2 of the tutorial. However, since you are using Glitch, can you please make sure that the .env file is properly populated, because when you click on "Remix this" it resets the .env file settings. The reset results in a blank CLIENT_SECRET which inturn results into the error - "Error: x-adobe-signature HMAC check failed".

I would advise trying till step 2 with the proper .env file and see if you are still running into the same issue.

View solution in original post

shikhartanwar · 7/14/21

Hi @jasonhampleman: The error that you are encountering is because of a signature mismatch as mentioned in step 2 of the tutorial. However, since you are using Glitch, can you please make sure that the .env file is properly populated, because when you click on "Remix this" it resets the .env file settings. The reset results in a blank CLIENT_SECRET which inturn results into the error - "Error: x-adobe-signature HMAC check failed".

I would advise trying till step 2 with the proper .env file and see if you are still running into the same issue.

jasonhampleman · 7/14/21

Thank you for getting back to me! I can confirm that my CLIENT_SECRET is correctly entered in the .env file. It matches the Client Secret for my API Event in Console correctly.

shikhartanwar · 7/14/21

If the CLIENT_SECRET is correctly configured, then can you add some logs here and see what exactly is going wrong. I am unable to reproduce the issue on my end. You can see the logs in Glitch by clicking on Tools > Logs.

As a last resort, can you try and uncomment the signature verification part to see if we can circumvent this problem. Even though this is not recommended, but this will help us pinpoint where things are going wrong.

jasonhampleman · 7/15/21

Thanks again for the help. I commented out the Signature Verification portion of the JS in Glitch (index.js file). The Pipeline is hitting my webhook URL as it completes jobs. I now get a 200 success with each (not a 403), however, the Response Body only says "pong" and I get no notifications in Slack. For reference, when I use Curl to hit my Slack App, it works.

Log says:

TypeError: Cannot read property 'event' of undefined

at app.post (index.js:119:26)

Line 119 is:
const event = req.body.event

I've included a screen of .env variables (do not reveal the actual vars) to see if those are okay.

shikhartanwar · 7/15/21

I am not sure what's going wrong at your end. Could you please check what you are getting in the Debug Tracing tab of your console integration (created in step 0).

The tutorial has been coded to respond with a simple "pong" message for every event delivered to the webhook, so I don't see any issue here.

however, the Response Body only says "pong" and I get no notifications in Slack

I think debug tracing will really help in understanding what is really going on with your integration.

TypeError: Cannot read property 'event' of undefined
at app.post (index.js:119:26)
Line 119 is:
const event = req.body.event

For example, this is what I see for in the "Debug Tracing" tab of my test integration -

jasonhampleman · 7/16/21

Thank you. I've attached my debug results as well. While they are similar to yours and I am getting a 200, it appears that much of the Header information in yours is not being sent in mine. I assume that you are connecting to a Slack App and getting a message there correctly in your test?

shikhartanwar · 7/16/21

When I posted my debug results, I included a snapshot of both the request and response tabs (see below for a better image). That's where you see the difference of headers. But looking at your traces, it seems that the events are being delivered just fine.

Regarding the slack integration, I did not test that, but I believe it should work.

jasonhampleman · 7/16/21

I really don't know what to do from here! A summary of where I'm at:

In Glitch logs, I get this error:

TypeError: Cannot read property '@type' of undefined at app.post (/app/index.js:119:24)

line 119 is: if (STARTED === event['@type'] &&

I get no Slack message.

What I know is working:

1. My Webhook is active (green) in Adobe Console

2. I get 200 Success.

3. Pipeline updates successfully trigger my Event in console

4. My Slack App is live and working. I can trigger it with a CURL call.

5. My Credentials are included correctly in the .env file in Glitch. I've built this multiple times now with the same result. I used the Step 7 with Slack "Remix This" option and then made sure to add my env vars.

I'm running out of ideas.

justin_at_adobe · 7/16/21

@jasonhamplemanLooking at https://glitch.com/edit/#!/candy-gifted-hallway, I believe the problem is in how you commented out the signature verification. You appear to have commented out the injection of the body-parser express middleware. The result of this is that the body is, well, not parsed and thus req.body is undefined.

What you should do instead is to have this minimal piece:

app.use(bodyParser.json());

In other words, the bit to comment out is actually the object passed to bodyParser.json().Which is essentially going back to what is in Step 1 of the tutorial.

So if you wanted to leave that code in place, it would look like

app.use(bodyParser.json(/*{
  verify: (req, res, buf, encoding) => {
    const signature = req.header('x-adobe-signature')
    if (signature) {
      const hmac = crypto.createHmac('sha256', process.env.CLIENT_SECRET)
      hmac.update(buf)
      const digest = hmac.digest('base64')

      if (signature !== digest) {
        throw new Error('x-adobe-signature HMAC check failed')
      }
    } else if (!process.env.DEBUG && req.method === 'POST') {
      throw new Error('x-adobe-signature required')
    }
  }
}*/))

As to your original issue, this is a bit of a mystery. I just retested this with a slightly more minimized version of the tutorial code (https://glitch.com/edit/#!/illustrious-peat-candytuf) and was able to check the signature. At the risk of repeating @shikhartanwar , I'd suggest doublechecking the value. I did observe that even adding a space at the end of the value in the Glitch UI can cause this. It wouldn't be a bad idea to trim the variable before passing it to crypto.createHmac().

jasonhampleman · 7/16/21

Hi Justin. My latest webhook is actually here: https://scratch-veiled-oboe.glitch.me/webhook

justin_at_adobe · 7/16/21

Ah, OK. So you were able to get the challenge working. The only thing I can suggest at this point would be to log the body. Take a look at lines 117 to 120 of https://glitch.com/edit/#!/easy-melted-dust.

justin_at_adobe · 7/16/21

Actually, I might know the reason. Did you select the "Batch" Delivery Style?

jasonhampleman · 7/16/21

I did in fact select "batch". Shall I pick the other option and retry?

justin_at_adobe · 7/16/21

Yes, this code only works with the Single style. I'll update the documentation to reflect this. When you use the Batch style, the body of the POST request is an array, not an object. So if you want to use that style, you'd iterate through the array and process each event. Not a ton more code, but outside the scope of the tutorial.

jasonhampleman · 7/16/21

Wow! I think that was it. Thank you for the keen eye! I just got my first Slack message (after days of trying)

justin_at_adobe · 7/16/21

I've updated the tutorial content to reflect this. For what it is worth, you actually can see this difference in the Debug Tracing screen as indicated by @shikhartanwar although it perhaps a bit subtle -- if you compare @shikhartanwar's screenshots to yours, his show an object whereas yours shown an array. Apologies for missing this.

jasonhampleman · 7/16/21

Thanks. It is especially subtle when I wasn't sure what I was looking at. One last thing, so I got a Slack message when I started my Pipeline (Code Scanning). However, I didn't get a Slack when it Failed / Ended. My expectation and really the goal for this is for ALL failures to notify me (and the team) via Slack. Should I have gotten more than one Slack message?

justin_at_adobe · 7/16/21

It is really up to you. The point of the tutorial is not really to integrate with Slack It's to help you understand how to create your own integration using Slack/Teams as *examples* of things you might want to integrate with. The idea being that once you've gone through the tutorial step by step you have the building blocks necessary to create your own "real" integration. The tutorial code is *only* capturing the started event. If you want to capture a different event, you'll need to adjust the code.

Adobe Developer

Adobe Cloud Manager API Tutorial Webhook - x-adobe-signature required

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe