5 slack_signing_secret = bytes(os.environ['SLACK_SIGNING_SECRET'], 'utf-8')
7 def slack_is_valid_request(slack_signature, timestamp, body):
8 """Returns True if the timestamp and body correspond to signature.
10 This implements the Slack signature verification using the slack
11 signing secret (obtained via an SSM parameter in code above)."""
13 content = "v0:{}:{}".format(timestamp, body).encode('utf-8')
15 signature = 'v0=' + hmac.new(slack_signing_secret,
17 hashlib.sha256).hexdigest()
19 if hmac.compare_digest(signature, slack_signature):
22 print("Bad signature: {} != {}".format(signature, slack_signature))