Vìncent Le Goff
Vìncent Le Goff
I think this issue also falls into this: https://github.com/standard-webhooks/standard-webhooks/issues/15
> Because different customers of the same service will be able to trick the service into sending messages to another customer endpoint, and that customer endpoint will trust it because...
@hf > We need an escape hatch using JWK, again IMO, to support any other key/algorithm for those implementers that want the advanced case. In this scenario do you think...
Sorry i've not been following github notifications properly this summer. @TheTechmage this proposal makes sense and might also fix the question @J0 raises. @J0 any proposal welcome, FYI there's no...
Because an `Authorization` header protects the AuthN part of a path / route ; the signature protects the handling of the message itself. Basically this is 2 domain knowledge difference;...
> We purposefully made Standard Webhooks more like guidelines than a formal specification I agree with this, in the meantime we describes the `payload` structure later which kind of defines...
> I think it's OK to have them support different parts That's kind of what i was meaning but `different specs` might be too dividing indeed > We should probably...
Correct, but that would avoid potential drifting between libraries. Just a thought
Hey there, i'm sorry this PR didn't get a review earlier on. Could we rebase this one and work on landing it?
Thanks for those proposals and sorry for the very late answer. Feel free to raise a PR to adresse those changes 🙏