Same issue here.
Is is possible that there is a bug in the Crypto Node as mentioned here?
I tried several possible solutions e.g. Option keep raw body in the Webhook node as input for the crypto module, but the generated output never matches the Teams authorization HMAC header.
The only working solution I found is an implementation with the code node seen in post to generate the HMAC:
const authHeader = $json["headers"]["authorization"];
const hmacFromHeader = authHeader.replace("HMAC ", "").trim();
// calc HMAC des Request Body
const crypto = require('crypto');
const keyBase64 = "[you key goes here]";
const payload = JSON.stringify($json.body || $json);
function hashPayload() {
const decodedHmacKey = Buffer.from(keyBase64, 'base64');
return crypto.createHmac('sha256', decodedHmacKey)
.update(payload)
.digest('base64');
}
$input.item.json.hash = "HMAC " + hashPayload();
return $input.item;
You can then compare $json.headers.authorization with $json.hash
But this solution has the downside, that the key is stored in the JS module, what I would like to avoid. Any other suggestions?
Maybe it is also possible to access credentials in the JS code so I can seperate the key from the code?