Stripe Webhook Verification Error with Play Framework

Question

I am trying to set up stripe payment with a play framework application. I am having issues with setting up the webhook.

com.stripe.exception.SignatureVerificationException: No signatures found matching the expected signature for payload

This is the error I keep getting when I try and construct the event sent from stripe. I print out the values for the body and the signature and they look like they should be correct. This is the code I am using to collect the webhook.

 def webhook = Action { implicit request: Request[AnyContent] =>
println(request.headers.toMap)
val bodyOp:Option[JsValue] = request.body.asJson
val sigOp:Option[String] = request.headers.get("Stripe-Signature")
var event: Event = null
if (bodyOp.isEmpty || sigOp.isEmpty) {
  WebhookController.logger.write("EMPTY BODY OR SIG body-"+bodyOp+"   sig-"+sigOp,Logger.RED)
  BadRequest
} else {
  val body = bodyOp.get.toString
  val sig = sigOp.get
  println(body)
  println(sig)
  try {
    event = Webhook.constructEvent(body, sig, "whsec_5XwS8yCNOcq1CKfhh2Dtvm8RaoaE3p7b")
    val eventType: String = event.getType
    eventType match {
      case "customer.subscription.deleted" => deleteCustomer(event)
      case "invoice.payment.succeeded" => successPayment(event)
      case "invoice.payment.failed" => failedPayment(event)
      case _ => WebhookController.logger.write("UNKNOWN " + event, Logger.RED)
    }

    Ok("")
  } catch {
    case e: JsonSyntaxException =>
      e.printStackTrace()
      WebhookController.logger.write("ERROR" + e.getMessage +" "+exceptionToString(e), Logger.RED)
      BadRequest
    case e: SignatureVerificationException =>
      e.printStackTrace()
      WebhookController.logger.write("ERROR" + e.getMessage + " "+exceptionToString(e), Logger.RED)
      WebhookController.logger.write("SIG ERROR header-"+e.getSigHeader+" status code-"+e.getStatusCode,Logger.RED )
      BadRequest
  }
}
}

Answer 1

Karllekko was on the right track. Play framework automatically parsed it as a json which caused the error. request.body.asText didn't work because the content-type header value was set to json. Tolarant Text would have worked except for stripe sends their webhooks with utf-8 and tolarant text doesn't parse with utf-8. So I ended up having to use a RawBuffer and turning that into a String (https://www.playframework.com/documentation/2.6.x/ScalaBodyParsers)

class WebhookController @Inject()(parsers: PlayBodyParsers) extends Controller() {

def webhook = Action(parsers.raw) { implicit request: Request[RawBuffer] =>
  val bodyOp =  request.body.asBytes()
  val sigOp:Option[String] = request.headers.get("Stripe-Signature")
  var event: Event = null
  if (bodyOp.isEmpty || sigOp.isEmpty) {
    BadRequest
  } else {
    val body = bodyOp.get.utf8String
    val sig = sigOp.get
    try {
      event = Webhook.constructEvent(body, sig, secret)
      ...
      ...