Quantcast
Channel: Active questions tagged youtube-api - Stack Overflow
Viewing all articles
Browse latest Browse all 3831

Youtube PubSubHubbub hmac sha1 validation failed

$
0
0

3 years ago, I created a simple subscriber to the youtube pubsubhubbub api, to get notifications, when a new video gets uploaded. This stopped working a few months ago, it worked until then. When I debugged what was happening, I saw that the hmac signature seems to missmatch, causing my server to not process the request.

            var checksumHeader = context.Request.Headers["X-Hub-Signature"];            var signature = checksumHeader.ToString().Split('=')[1];            var stream = context.Request.Body;            string body;            using (var reader = new StreamReader(stream, Encoding.UTF8))            {                body = await reader.ReadToEndAsync();            }            var isValid = PubSubSecret.Check(body, signature);

this is my code that processes youtube's Post request. This used to work, but now, isValid always returnes false.

The Code of my Check Method:

    public static bool Check(string body, string signature)    {        using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(Secret)))        {            var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));            var hash = Convert.ToHexString(hashBytes).ToLowerInvariant();            Console.WriteLine("Sig: " + signature);            Console.WriteLine("Computed Hash " + hash);            return signature.Equals(hash);        }    }

If I use the diagnostic tool at https://pubsubhubbub.appspot.com/subscribe?hl=de, I can see, that youtube gets the correct secret, so this is not the problem. Also, this exact code worked, so I wonder what might have changed for this to stop working.

I hope someone can lead me in the right direction about what to check next.

If I copy the string body and secret to one of the many online hmacsha1 tools, I get the same hash as my code computes, but not what youtube sends in the header.


Viewing all articles
Browse latest Browse all 3831

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>