Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intercom Support (with signed messages) #114

Open
themetalfleece opened this issue Jan 16, 2019 · 1 comment
Open

Intercom Support (with signed messages) #114

themetalfleece opened this issue Jan 16, 2019 · 1 comment
Labels
help wanted New Provider Issue requests a new provider be added.

Comments

@themetalfleece
Copy link

themetalfleece commented Jan 16, 2019
edited
Loading

Intercom has webhooks for new events (i.e. messages, new users) - reference.
My issue is that it's better for Intercom messages to be signed with a hub secret string. This is set in the Intercom Webhook dashboard and must be provided to the app to validate the messages. Would it be possible for that string to be set when creating a webhook with skyhook?

I have already created a node.js app to forward messages from Intercom to Discord - https://github.com/themetalfleece/intercom-discord
Validate signature script - https://github.com/themetalfleece/intercom-discord/blob/master/helpers/validateSignature.js
@hytromo
Copy link

hytromo commented Feb 19, 2019
edited
Loading

As far as I can see from skyhook's code, it doesn't have any kind of storage in the backend to save our settings. When you generate a link, it just replaces it with its own origin and appends the service at the end, e.g.

https://discordapp.com/api/webhooks/WEBHOOK_HASH becomes skyhook.glitch.me/api/webhooks/WEBHOOK_HASH/bitbucket

When skyhook receives a POST request to a url like the above, it just passes it to the appropriate service data parser (here bitbucket) and then posts to the discord webhook hash. All this information is in the url of the post request. So the URL of the post request contains data on

  1. How should I read the body of this post request (e.g. bitbucket)
  2. Where should I forward this message to? (discord webhook hash)

So, the easiest way to integrate intercom supporting hub secret is to literally have the hub secret in the URL, changing a bit the way that (1) works, e.g. providing additional context (the hub secret).

This requires that the POST request between the 2 services are made using HTTPS, because HTTPS does not reveal the URL. There may be other security implications here that I'm unaware of, though.

So, in short I imagine this working in the following way:

  1. Skyhook UI provides another optional field for intercom that is the hub_secret
  2. It generates a URL like https://skyhook.glitch.me/api/webhooks/HASH/intercom:HUB_SECRET
  3. When intercom POSTs there, it knows how to decode the message
  4. It forwards the POST to the discord webhook

Also someone may make the argument that having the hub secret in the url makes it way too accessible, which IMO is a valid argument.

@dscalzi dscalzi added help wanted New Provider Issue requests a new provider be added. and removed enhancement labels Mar 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted New Provider Issue requests a new provider be added.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hytromo @Jawnnypoo @dscalzi @themetalfleece