Java SDK: callback validation expects millisecond-based timestamp but Fitconnect sends second-based timestamps
We are implementing a service for receiving Fitconnect submissions. We would like to use the callback feature of the destinations (Zustellpunkte), so we have implemented a REST controller to handle callback requests fired by Fitconnect. According to the documentation, we expect an HTTP header callback-timestamp. We pass this timestamp, together with other parameters, to the callback validation service provided by the Fitconnect SDK.
However, it turns out that the validation code in dev.fitko.fitconnect.core.validation.DefaultValidationService expects the timestamp to be in milliseconds, whereas the timestamp received in the callback requests is second-based.
Of course, we cannot simply pass timestamp*1000 to the validation service because the timestamp is also part of the HMAC which is reconstructed and compared to the HMAC also received in the request. This subsequent check fails if we convert the timestamp.
At the moment, we help ourselves by overwriting the DefaultValidationService.validateCallback().
Besides this bug, I would like to recommend extending the SDK and documentation for the callback use case. It would help, for instance, to have a DTO class for the payload provided by the callback and a callback demo in the demo application.
Thank you, Kind regards, Rainer
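
The unit mismatch described in this report, as an added example that is not part of the original post and not the SDK's code: a stand-alone validator that reads the header as epoch seconds for the freshness check but feeds the unmodified header string into the HMAC. The class and method names, the HMAC-SHA512 over `timestamp.body` scheme with hex encoding, and the five-minute window are assumptions made for illustration; `HexFormat` requires Java 17.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.DateTimeException;
import java.time.Duration;
import java.time.Instant;
import java.util.HexFormat;
import java.util.Locale;

public class CallbackCheck { // hypothetical class, not part of the SDK
    static final Duration MAX_AGE = Duration.ofMinutes(5); // assumed freshness window

    // Assumed scheme: hex(HMAC-SHA512(secret, "<timestamp>.<body>")).
    static String hmacHex(String secret, String message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA512"));
        return HexFormat.of().formatHex(mac.doFinal(message.getBytes(StandardCharsets.UTF_8)));
    }

    static boolean isValid(String secret, String tsHeader, String receivedHmac,
                           String body, Instant now) throws Exception {
        if (tsHeader == null || receivedHmac == null) return false;
        Instant sent;
        try {
            // Freshness check: read the header as epoch SECONDS, as sent in the callback.
            sent = Instant.ofEpochSecond(Long.parseLong(tsHeader.trim()));
        } catch (NumberFormatException | DateTimeException e) {
            return false;
        }
        if (Duration.between(sent, now).abs().compareTo(MAX_AGE) > 0) return false;
        // HMAC check: sign the header string exactly as received, never a converted value.
        String expected = hmacHex(secret, tsHeader + "." + body);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                receivedHmac.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real callback data.
        String secret = "constructed-secret", body = "{\"example\":\"constructed\"}";
        String ts = "1700000000";
        Instant now = Instant.ofEpochSecond(1700000100L);
        String hmac = hmacHex(secret, ts + "." + body);
        System.out.println("seconds, raw header:  " + isValid(secret, ts, hmac, body, now));
        System.out.println("header * 1000:        " + isValid(secret, ts + "000", hmac, body, now));
        System.out.println("read as millis gives: " + Instant.ofEpochMilli(Long.parseLong(ts)));
    }
}
```

The last line of `main` shows why a millisecond interpretation rejects a fresh callback: the same number read as milliseconds lands in January 1970, far outside any freshness window.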