Skip to content

v0.7.2

Choose a tag to compare

View all tags
@onlime onlime released this 11 Sep 14:09
· 3 commits to main since this release
v0.7.2
0ef551d
This commit was signed with the committer’s verified signature.
onlime Philip Iezzi (Pipo)
SSH Key Fingerprint: 4U9WLBTJjImGRCV9I3fHLsREHEqeTWBWa1CLroJ6v0Q
Verified
Learn about vigilant mode.

Improved:

  • Webhook authentication token type (Simple hashed token vs. JWT token) can now be configured with new env var WEBHOOK_USE_JWT and no longer depends on whether you pass the token as query param (not recommended for JWT tokens) or Authorization: Bearer header.
  • Webhook JWT token now contains all necessary claims for strict verification: sub (Subject), iss (Issuer), iat (Issued At), nbf (Not Before), exp (Expiration Time).

Fixed:

  • Webhook JWT token is now correctly encoded using base64 decoded secret (WEBHOOK_SECRET) as key. Previously, we forgot to decode it, but always recommended (and still do!) to use a base64 encoded secret.
Assets 2
Loading