Verifying requests in accordance with the IETF HTTP Signatures specification Draft specification.
Lots of places have signature verification for their webhooks (for example GitHub, Stripe, Dropbox, Samsung SmartThings, and many many more), so it seems like it would be something Phoenix (or Plug) should be concerned with being able to do so without overriding core modules and functionality.
The problem is we need to verify the payload (the request body), and that is read only once in Plug.Parsers
and discarded.
This solution could work but itâs weird if I want to receive and verify webhooks from different services as well as other issues (like not being able to use controllers).
Is there no way to get a better solution for this, maybe as a hex package (Iâd write one if I knew a good way to solve this) or in Phoenix or Plug core?