Create a new @slack/verify-request package

[stevengill]

Description

We should rip out the verifyRequestSignature code out of @slack/events-api and make it a stand alone package named @slack/verify-request.

What type of issue is this? (place an x in one of the [ ])

• [x] enhancement (feature request)

Requirements (place an x in each of the [ ])

• [x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
• [x] I've read and agree to the Code of Conduct.
• [x] I've searched for any related issues and avoided creating a duplicate issue.

[seratch]

We should do this. As Bolt for JS has a similar code, we can replace the code in Bolt for JS with this new package in Bolt's next major version. As far as I know, the points to consider are:

• Should the return value type be just a boolean value or an object holding a boolean result and error code?
• How to keep the backward-compatibility of ReceiverAuthenticityError and its error mesage in Bolt

References:

• @slack/bolt implementation
• Tests in @slack/bolt
• @slack/events-api implementation

[mim-Armand]

The verify-request does not seem to be working for the event calls, as the request body seems to be coming serialized now..

[seratch]

Hi @mim-Armand,

as the request body seems to be coming serialized now

This situation might be caused by some settings in your application. For instance, if your app is built with Express.js, having Express middleware may cause this. If you have more to ask on this, please feel free to create a new issue for the question! (this issue #1135 is for the task to create a new package, so please avoid continuing this conversation here)

[github-actions[bot]]

👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out.