oscklm · 4mo ago

Verifying JWS Signed Payload in Convex httpAction

I am currently working on verifying an Apple App Store notification's signed payload using a public key within a Convex httpAction. Below is a snippet of the code I am using:
```javascript
import jwt from 'jsonwebtoken';
import { httpAction } from '../_generated/server';

export const proccessAppStoreNotifications = httpAction(async (ctx, req) => {
  const { signedPayload, unified_receipt } = await req.json();

  // Check for signedPayload (version 2 notifications)
  if (signedPayload) {
    console.log('signed Payload:', signedPayload);

    // Load the public key from a secure location or environment variable
    const publicKey = process.env.APPLE_PUBLIC_KEY;

    if (!publicKey) {
      throw new Error('Public key not configured');
    }

    try {
      // Verify the JWS signedPayload using Apple's public key.
      // Pin the accepted algorithm (App Store JWS is signed with ES256)
      // rather than trusting the "alg" value carried in the token header.
      const payload = jwt.verify(signedPayload, publicKey, { algorithms: ['ES256'] });

      // Perform your business logic here, such as updating user subscriptions, etc.
      return new Response('Subscription update handled in convex', { status: 200 });
    } catch (error) {
      console.error('Error verifying JWS:', error);
      return new Response('Invalid signature', { status: 400 });
    }
  }
  return new Response('Invalid notification format', { status: 400 });
});
```
I am unable to use the jsonwebtoken library directly in the code to verify the JWS signed payload. Could you please provide a different recommended approach for verifying JWS signed payloads in this httpAction context? Thanks!
1 Reply
oscklm (OP) · 4mo ago
I've fixed the above issues, simply by sending the signedPayload directly to be processed by an action:
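```javascript
// Import paths assumed to follow the same layout as the first snippet.
import { api } from '../_generated/api';
import { httpAction } from '../_generated/server';

export default httpAction(async (ctx, req) => {
  const { signedPayload } = await req.json();

  if (signedPayload) {
    // Hand the raw JWS to an action, which processes it there.
    await ctx.runAction(api.apple.appleNotificationProcessor.default, { signedPayload });
    return new Response('Success', { status: 200 });
  }
  return new Response('Invalid notification format', { status: 400 });
});
```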
