Twilio Signature validation for ConversationRelay WebSocket with Java SDK


In https://github.com/enola-dev/enola/pull/1927 I attempted to add signature validation for WebSocket authentication security to my https://github.com/enola-dev/twilio-conversation-relay-java Java Client Library SDK for Twilio's ConversationRelay, with a WebSocket server.

This isn't quite working yet, and the initial reason is likely that I didn't pass a valid full URL, as the AI code review feedback on the aforementioned PR claims. In https://github.com/enola-dev/enola/pull/1928/files I've attempted to fix this, but it still does not work, and running bazelisk run //java/dev/enola/audio/voice/twilio/relay/websocket:echo in my project fails with: "Invalid Twilio signature: U3NY5SLOn+V8iDNzzVeLD8J4t+k= for wss://4ea9be067e20.ngrok-free.app/". My code ultimately basically just does:

new RequestValidator("c...c").validate("https://4ea9be067e20.ngrok-free.app/", Map.of(), "U3NY5SLOn+V8iDNzzVeLD8J4t+k=");

What am I missing and doing wrong? It's not very clear to me if, in the case of validating the signature in the onOpen() method of a WebSocketServer, where (IMHO, AFAIK) there are no "parameters" or "body", one should use the RequestValidator's boolean validate(String url, Map<String, String> params, String expectedSignature) or boolean validate(String url, String body, String expectedSignature) method - but I've tried both, with either an empty Map.of() or an empty "" String, and neither worked.

PS: Also https://help.twilio.com/tickets/24297613.
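
An added diagnostic example, not part of the original post and not code from the Twilio SDK: it reimplements Twilio's documented webhook signature scheme (Base64 of HMAC-SHA1 over the URL followed by the sorted parameter names and values, keyed with the Auth Token) and reports which form of the URL a given X-Twilio-Signature value was computed over. The class and method names, the token and the host are constructed for illustration, and that ConversationRelay signs its WebSocket handshake with this same scheme is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TwilioSignatureProbe {

    // Documented webhook scheme: Base64(HMAC-SHA1(authToken, url + key1 + value1 + ...)),
    // with the parameters appended in key order and no separators.
    static String sign(String authToken, String url, Map<String, String> params) throws Exception {
        StringBuilder data = new StringBuilder(url);
        new TreeMap<>(params).forEach((k, v) -> data.append(k).append(v));
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(authToken.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] digest = mac.doFinal(data.toString().getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Returns the first candidate URL whose signature equals the header value, or null.
    static String findSignedUrl(String authToken, String header, List<String> candidates)
            throws Exception {
        byte[] expected = header.getBytes(StandardCharsets.UTF_8);
        for (String url : candidates) {
            byte[] actual = sign(authToken, url, Map.of()).getBytes(StandardCharsets.UTF_8);
            if (MessageDigest.isEqual(expected, actual)) return url; // constant-time compare
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        String token = "constructed-test-token"; // constructed, not a real Auth Token
        String host = "example.ngrok-free.app";  // constructed host
        // Scheme, trailing slash and explicit port all change the signed string.
        List<String> candidates = List.of(
                "https://" + host + "/", "https://" + host,
                "wss://" + host + "/", "wss://" + host,
                "https://" + host + ":443/", "wss://" + host + ":443/");
        // Simulate a sender that signed one particular form of the URL.
        String header = sign(token, "wss://" + host, Map.of());
        System.out.println("signed URL form: " + findSignedUrl(token, header, candidates));
    }
}
```

In onOpen(), the candidate list would be built from the handshake's Host header and resource path rather than hard-coded, and a null result means none of the tried URL forms (or the token) matches what was signed.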
