Title: Signature validation should support validating with an old secret · Issue #101 · Shopify/shopify_python_api · GitHub
Open Graph Title: Signature validation should support validating with an old secret · Issue #101 · Shopify/shopify_python_api
X Title: Signature validation should support validating with an old secret · Issue #101 · Shopify/shopify_python_api
Description: Problem Oauth2 signature validation will fail when during credential rotation, since the signature is generated with the oldest secret, and validation can only be configured to validate against a single secret in shopify_python_api. Solu...
Open Graph Description: Problem Oauth2 signature validation will fail when during credential rotation, since the signature is generated with the oldest secret, and validation can only be configured to validate against a s...
X Description: Problem Oauth2 signature validation will fail when during credential rotation, since the signature is generated with the oldest secret, and validation can only be configured to validate against a s...
Opengraph URL: https://github.com/Shopify/shopify_python_api/issues/101
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Signature validation should support validating with an old secret","articleBody":"## Problem\n\nOauth2 signature validation will fail when during credential rotation, since the signature is generated with the oldest secret, and validation can only be configured to validate against a single secret in shopify_python_api.\n## Solution\n\nThis needs to be handled similar to [webhook validation](https://docs.shopify.com/api/authentication/api-credential-rotation#webhooks), where it must be possible to specify the old API secret as well as the new one for signature validation, and accept the signature if it matches the ones generated with either secret.\n","author":{"url":"https://github.com/dylanahsmith","@type":"Person","name":"dylanahsmith"},"datePublished":"2015-05-27T19:02:14.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/101/shopify_python_api/issues/101"}| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:a5200b78-3a3b-cbbb-6c29-ee2f6c54b6f7 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 9E8E:23762:787336:A0C5B9:6969888F |
| html-safe-nonce | dc1399f8763edd8b6282b2d38f802b94002f6ec9c8b2bc0c3fe7fe12c6bee89a |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5RThFOjIzNzYyOjc4NzMzNjpBMEM1Qjk6Njk2OTg4OEYiLCJ2aXNpdG9yX2lkIjoiMTQ5Mjc2MTQwNzg1MTY5NDIyMyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | dea3ebb3cb0d7659e6e374306a879b05b8e3879b48ac13e83cfe48d4607db632 |
| hovercard-subject-tag | issue:81579954 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/Shopify/shopify_python_api/101/issue_layout |
| twitter:image | https://avatars.githubusercontent.com/u/8085?s=400&v=4 |
| twitter:card | summary |
| og:image | https://avatars.githubusercontent.com/u/8085?s=400&v=4 |
| og:image:alt | Problem Oauth2 signature validation will fail when during credential rotation, since the signature is generated with the oldest secret, and validation can only be configured to validate against a s... |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | dylanahsmith |
| hostname | github.com |
| expected-hostname | github.com |
| None | 533e7cac596c452090972c1150d587fd0b36531b8dc4e8bbfe4ab694aca02408 |
| turbo-cache-control | no-preview |
| go-import | github.com/Shopify/shopify_python_api git https://github.com/Shopify/shopify_python_api.git |
| octolytics-dimension-user_id | 8085 |
| octolytics-dimension-user_login | Shopify |
| octolytics-dimension-repository_id | 2249127 |
| octolytics-dimension-repository_nwo | Shopify/shopify_python_api |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 2249127 |
| octolytics-dimension-repository_network_root_nwo | Shopify/shopify_python_api |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 63d27af10eea2ccab520b162530cf6c7b739e767 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width