Amazon Pay NodeJS 2.2.0

Shangamesh T · Shangamesh T · commit 4021c19d4560 · 2022-01-07T18:38:29.000+05:30
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,7 @@
+#### Version 2.2.0 - January 2022
+* Migrated signature generating algorithm from AMZN-PAY-RSASSA-PSS to AMZN-PAY-RSASSA-PSS-V2 & increased salt length from 20 to 32
+* Note : From this SDK version, "algorithm" need to be provided as additional field in "createCheckoutSessionConfig" while rendering Amazon Pay button.
+
 #### Version 2.1.5 - October 2021
 * Fixed Security Vulnerabilities by upgrading 'axios' library version
 * ReadMe file updates
diff --git a/README.md b/README.md
@@ -384,6 +384,17 @@ Example call to generateButtonSignature function:
     };
     const signature = testPayClient.generateButtonSignature(payload);
 ```
+Note : 
+As part of signature button integration, "algorithm" need to be provided as additional field in "createCheckoutSessionConfig" while rendering Amazon Pay button.
+
+Example of "createCheckoutSessionConfig" :
+``` js
+createCheckoutSessionConfig: {           
+      payloadJSON: '{"webCheckoutDetails":{"checkoutReviewReturnUrl":"https://localhost/test/checkoutReview.html"},"storeId": "amzn1.application-oa2-client.xxxxx","scopes": ["name", "email", "phoneNumber", "billingAddress"]}',
+      signature: 'SIGNATURE', // Signature Obtained by calling "generateButtonSignature(payload)" method
+      algorithm: 'AMZN-PAY-RSASSA-PSS-V2' // This Parameter is mandatory
+    }
+```
 
 ## Manual Signing (Advanced Use-Cases Only)
 This SDK provides the ability to help you manually sign your API requests if you want to use your own code for sending the HTTPS request over the Internet.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@amazonpay/amazon-pay-api-sdk-nodejs",
-  "version": "2.1.5",
+  "version": "2.2.0",
   "description": "Amazon Pay Checkout V2 Integration",
   "main": "src/client.js",
   "directories": {},
diff --git a/src/clientHelper.js b/src/clientHelper.js
@@ -86,7 +86,7 @@ function sign(privateKey, stringToSign) {
     return sign.sign({
         key: privateKey,
         padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
-        saltLength: 20
+        saltLength: 32
     }, 'base64');
 }
 
@@ -141,7 +141,7 @@ function signHeaders(configArgs, options) {
 
     Object.assign(headers, options.headers);
 
-    headers['x-amz-pay-region'] = configArgs.region;
+    headers['x-amz-pay-region'] = constants.REGION_MAP[configArgs.region.toLowerCase()];
     headers['x-amz-pay-host'] =  getAPIEndpointBaseURL(configArgs);
     headers['x-amz-pay-date'] = getTimestamp();
     headers['content-type'] =  'application/json';
diff --git a/src/constants.js b/src/constants.js
@@ -1,7 +1,7 @@
 'use strict';
 
 module.exports = {
-    SDK_VERSION: '2.1.5',
+    SDK_VERSION: '2.2.0',
     API_VERSION: 'v2',
     RETRIES: 3,
     API_ENDPOINTS: {
@@ -17,5 +17,5 @@ module.exports = {
         eu: 'eu',
         jp: 'jp'
     },
-    AMAZON_SIGNATURE_ALGORITHM: 'AMZN-PAY-RSASSA-PSS'
+    AMAZON_SIGNATURE_ALGORITHM: 'AMZN-PAY-RSASSA-PSS-V2'
 };

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@amazonpay/amazon-pay-api-sdk-nodejs",`
`3`		`- "version": "2.1.5",`
	`3`	`+ "version": "2.2.0",`
`4`	`4`	`"description": "Amazon Pay Checkout V2 Integration",`
`5`	`5`	`"main": "src/client.js",`
`6`	`6`	`"directories": {},`