0D51Y00009vwdOZSAY | Okta Identity Engine | Workflows | Answered | 2023-11-17T16:37:51.000Z | 2020-11-16T16:39:17.000Z | 2020-12-02T12:52:49.000Z

AJ (CRH) asked a question.

MS Teams webhooks and HMAC in workflows.

Hello,

I am looking to use Teams webhooks to send an API call into Workflows and want to use HMAC to secure the message.

I have set up the flow to accept an API call and copied the shared secret.

When I pass the API call body to OKTA using the HMAC card to generate the output, it does not match the code in the header.

See

https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-outgoing-webhook

I have run the following in PowerShell

$message = ' '
$secret = ' '
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Text.Encoding]::ASCII.GetBytes($secret)
$signature = $hmacsha.ComputeHash([Text.Encoding]::ASCII.GetBytes($message))
# Hex-encoding step left commented out: ToBase64String below needs the raw hash bytes
#$signature = [System.BitConverter]::ToString($signature).Replace('-','').ToLower()
$signature = [Convert]::ToBase64String($signature)
echo $signature
# Do we get the expected signature?
echo ($signature -eq ' ')

and get the same value, so the card is doing the same steps as this.

Any help would be great.


  • Hello @AJ (CRH),

    Unfortunately, this is not possible at this time.

    Per step 2 of the Microsoft documentation you provided, "You will need to convert the body to a byte array in UTF8."

    We do not support byte array(s) at this time, so this is not technically possible using the functions within Okta Workflows. I encourage you to submit an idea to ideas.okta.com so that our product managers can track demand for this functionality.

    However, you should still be able to use the API Endpoint event cards to set up a flow using outgoing webhooks from Teams. In my testing, I can successfully accept and respond to Teams payloads without setting up the HMAC handshake.

    I know you have a support ticket open; I just wanted to share this information publicly as well.

    Selected as Best
  • Hi,

    I have done a small trial with the HMAC card and PowerShell. If you look at the attached pictures, I have run the message of 'Message' with a key of 'secret' through both and get the same results, which tells me that the card is following the PowerShell steps, which include:

    $hmacsha.key = [Text.Encoding]::ASCII.GetBytes($secret)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::ASCII.GetBytes($message))

    Which looks to me to be converting the body text to a byte array.

    [Attached images: pshmac, cardhmac]
This question is closed.
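
The thread turns on which bytes go into the HMAC. The following PowerShell is an added example, not code from the thread, Okta or Microsoft; it verifies a Teams-style header under the scheme assumed from the Microsoft documentation linked in the question: the key is the Base64-decoded security token, the message is the UTF-8 bytes of the raw body, and the header reads `HMAC <base64 digest>`. `Get-TeamsHmac` and `Test-TeamsHmac` are hypothetical helper names, and the token and body are constructed values.

```powershell
# Added example, not from the thread. Token and body are constructed sample values.
function Get-TeamsHmac {
    param([string]$Body, [string]$SecurityToken)
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    try {
        # Assumption (Microsoft's documented scheme): key = Base64-decoded token bytes
        $hmac.Key = [Convert]::FromBase64String($SecurityToken)
        # Body must be the raw request text exactly as received, encoded as UTF-8
        $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($Body))
        return [Convert]::ToBase64String($hash)
    } finally { $hmac.Dispose() }
}

function Test-TeamsHmac {
    param([string]$Body, [string]$SecurityToken, [string]$AuthorizationHeader)
    # Assumed header form: "HMAC <base64 digest>"
    if (-not ($AuthorizationHeader -match '^HMAC\s+(\S+)$')) { return $false }
    try { $provided = [Convert]::FromBase64String($Matches[1]) } catch { return $false }
    $expected = [Convert]::FromBase64String((Get-TeamsHmac $Body $SecurityToken))
    if ($provided.Length -ne $expected.Length) { return $false }
    # Compare every byte so timing does not reveal where the first mismatch is
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) {
        $diff = $diff -bor ($provided[$i] -bxor $expected[$i])
    }
    return ($diff -eq 0)
}

# Constructed inputs: a made-up Base64 token and a body with one non-ASCII character
$token  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('constructed-demo-key'))
$body   = '{"type":"message","text":"caf' + [char]0xE9 + '"}'
$header = 'HMAC ' + (Get-TeamsHmac $body $token)   # stands in for the header Teams sends

Test-TeamsHmac $body $token $header                 # untouched body
Test-TeamsHmac ($body + ' ') $token $header         # body changed after signing

# Contrast: key and body taken as ASCII text bytes, as in the question's script
$h = New-Object System.Security.Cryptography.HMACSHA256
$h.Key = [Text.Encoding]::ASCII.GetBytes($token)
$textKeyed = [Convert]::ToBase64String($h.ComputeHash([Text.Encoding]::ASCII.GetBytes($body)))
Test-TeamsHmac $body $token "HMAC $textKeyed"
```

The first call passes; the altered body and the text-keyed digest are both rejected, the latter because neither the key bytes nor the body bytes match what the Base64-decoded, UTF-8 computation uses.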