I’m trying to receive in n8n an outgoing webhook from my MS TEAMS. This is basically working, but now I would like to secure the process by checking the HMAC. For the moment I have not succeeded.
So in the header sent by Teams, I do receive an HMAC value in the field ‘authorization’ (equal to: HMAC xxxxxx).
I would like to compare this value with my own calculation over the body received. I’ve never succeeded in getting them to match. I think it is linked to the way the ‘body’ content is understood in n8n.
My first try was to use this workflow:
I was using JSON.stringify to turn my ‘Body’ into a string. But I guess this is where I have a difference with what TEAMS has calculated.
So then I’ve tried this approach:
I’ve tried to use binary Data, but once again the HMAC calculation by the Crypto module does not match.
I don’t really know how to make this calculation to secure my Teams webhook.
Can you point me in the right direction?
Thanks for your advice.
When hashing, even changing one character (like adding "s) will change the entire output. When stringifying JSON it adds quotes around all keys and values.
Also, if this is what you’re trying to do, you need to convert the body to a byte array in UTF8 then do the crypto operation on that, based on the docs
Thanks Liam.
OK, so I might take my second workflow, wait for the Webhook trigger, and keep the raw body box checked.
But then how do I convert this raw body to a UTF8 byte array before using the crypto module?
Can I use a Code module with some JavaScript functions? (I still haven’t found the function to put inside the Code module yet.)
Finally, this is the same result as the crypto module. So I guess that this module is using my secret in UTF8 format instead of base64.
So how can I tell that module that my secret is base64?
Or maybe I can try to convert this Teams secret from base64 to UTF8?
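
Added example, not part of the original thread: a Node.js check that combines the two points raised above, hashing the raw body bytes (not a re-stringified object) and base64-decoding the Teams secret before using it as the HMAC key. It assumes HMAC-SHA256 with a base64-encoded digest, as in Microsoft's outgoing webhook documentation; the function name, sample secret and sample body are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper: validates "authorization: HMAC <base64 digest>".
// rawBody   - Buffer (preferred) or string with the exact bytes received
// secretB64 - security token Teams displayed when the webhook was created
function verifyTeamsHmac(rawBody, authorizationHeader, secretB64) {
  const m = /^HMAC\s+([A-Za-z0-9+/]+={0,2})$/.exec(String(authorizationHeader || '').trim());
  if (!m) return false; // missing or malformed header: reject

  // The secret is base64 text; the HMAC key is the decoded bytes.
  const key = Buffer.from(secretB64, 'base64');
  // Hash the body exactly as it arrived, as UTF-8 bytes.
  const bodyBytes = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(String(rawBody), 'utf8');

  const expected = crypto.createHmac('sha256', key).update(bodyBytes).digest();
  const received = Buffer.from(m[1], 'base64');

  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// ---- Constructed sample data (not real Teams values) ----
const SAMPLE_SECRET_B64 = Buffer.from('constructed-demo-secret').toString('base64');
const SAMPLE_RAW_BODY = '{ "type": "message",  "text": "héllo" }'; // note the spacing

// Builds the header a sender would produce for the given key bytes.
function sampleHeader(keyBytes) {
  const mac = crypto.createHmac('sha256', keyBytes).update(Buffer.from(SAMPLE_RAW_BODY, 'utf8'));
  return 'HMAC ' + mac.digest('base64');
}

const SAMPLE_HEADER = sampleHeader(Buffer.from(SAMPLE_SECRET_B64, 'base64'));

// 1) Raw bytes + decoded key: matches.
const okRaw = verifyTeamsHmac(SAMPLE_RAW_BODY, SAMPLE_HEADER, SAMPLE_SECRET_B64);
// 2) Parsed then JSON.stringify'd body: whitespace changes, so the HMAC differs.
const okRestringified = verifyTeamsHmac(
  JSON.stringify(JSON.parse(SAMPLE_RAW_BODY)), SAMPLE_HEADER, SAMPLE_SECRET_B64);
// 3) Secret used as UTF-8 text instead of decoded base64: a different key.
const utf8KeyHeader = sampleHeader(Buffer.from(SAMPLE_SECRET_B64, 'utf8'));
const okUtf8Key = verifyTeamsHmac(SAMPLE_RAW_BODY, utf8KeyHeader, SAMPLE_SECRET_B64);

console.log({ okRaw, okRestringified, okUtf8Key });
```

In an n8n Code node the raw body would come from the Webhook node with the raw body option enabled, as mentioned in the thread; on self-hosted instances, `require` of `crypto` in the Code node has to be allowed through `NODE_FUNCTION_ALLOW_BUILTIN`.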