Avaya Infinity™Avaya Experience Platform™
Discussions
These docs are for v0.0.1. Click to read the latest docs for v1.0.63.

Discussions

Ask a Question
Back to all

Problem Validating JWT Signature for Avaya Spaces Webhook Payloads

11 hours ago by Carl Benson

Hello Avaya Developers,

I am implementing a backend service to consume Webhooks generated by Avaya Spaces for message events, but I am consistently failing to validate the authenticity of the payload using the provided JWT secret.

I have configured the Webhook successfully and am receiving the POST requests. The payload is clearly structured as a signed JWT, as expected.

Steps Taken:

Retrieved the configured Webhook Secret (Shared Key) from the Avaya Cloud administration panel.

In my Node.js service (using jsonwebtoken library), I am attempting to verify the signature using jwt.verify(token, secret).

I have tried using the secret as a plain string, converting it to a Buffer, and encoding it in various formats (Base64, Hex).

Expected Behavior:
The JWT verification should succeed, and I should be able to decode the payload.

Observed Issue:
I receive the error JsonWebTokenError: invalid signature every time.

My precise question is: Can you confirm the exact encoding/format required for the Webhook Secret (Shared Key) when validating the JWT signature? Should it be treated as a plain UTF-8 string, or is a specific encoding (e.g., Base64URL-decoded bytes) required by the verification library?

Any insight into common pitfalls during Webhook JWT validation would be greatly appreciated. Thank you! ragdoll hit