Invalid Secret Errors

I am following this tutorial :

When GitHub tries to call the webhook I get an error due to an invalid secret. I can see the errors in the logs at both ends, and they both say that the secret is invalid.

The steps I am using to set up the secret:

  • On the realm endpoint, under authorisation I set ‘request validation’ to `require secret’ and then create a secret called ‘tutorial’ whose value is ‘tutorial.
  • On GitHub, just go to the web hook, tap ‘change secret’ and enter ‘tutorial’.

Some things I have tried:

  • I have updated the secret several times. The secret name and the secret are both ‘tutorial’.
  • I have tried Application and System authentication on the Realm side
  • I have left the endpoint as POST
  • I left SSL enabled in GitHub

Any ideas what else I can try?

I have the same problem. how did you resolved it?

I know this is old but may help other users.

You may have missed this line from the tutorial:

This requires all incoming requests to include the query parameter secret=tutorial in the request URL.

So the actual secret that GH stores isn’t very important, the essential bit is to write your url as https://yourAtlasRealmUrl?secret=mysecret. Now from my understanding this isn’t a good idea. See this SO discussion.

I don’t know of any other way to be honest. @Paul_Wilkinson @Adan_Aguilar

1 Like

Yes, this is what I also end up doing.

But as you already mentioned this is not very secure.

Don’t know why MongoDB did not corrected this still.