Signature validation failure when an emoji present in a message (Auth failure)

What I want to achive:

Signature validation failure when an emoji exists in the message, currently whenever an emoji exists in the message body the auth is failing and for a normal message with plain text the signature is mathching perfectly and there is no Auth failure . Currently we are doing the following to verify the signature:

  1. . Using the HMAC-SHA256 algorithm with the channel secret as the secret key, compute the digest for the request body.
  2. Confirm that the Base64-encoded digest matches the signature in the x-line-signature request header

Currently when an emoji exists the signature validation is failing. We have followed the same validation logic specified in the following link: https://developers.line.biz/en/reference/messaging-api/#signature-validation even this did not help.


Whenever there is an emoji in the message the token sent by Line in header, x-line-signature is not matching the signature generated by us using this: https://developers.line.biz/en/reference/messaging-api/#signature-validation


I tried the same code to validate the signature specified in the line developer website: https://developers.line.biz/en/reference/messaging-api/#signature-validation and even this code is failing when an emoji exists. But the same signature validation works when there is plain text in the message body.

  • 0
  • 1
  • 961
  • twitter facebook

I don't know how you implement it, but I guess so... but my guess is that you may get the String object from the web application framework and convert it to bytes, unexpectedly.

You should take the request body as a byte array from the web application framework. And you need to use the byte array to check the signature. You shouldn't convert it to the String object.

  • 0

Similar posts

    No similar posts

Are you sure? question.vm