Handle HTTP Subscription Confirmation #3
Description
Per AWS's documentation, HTTP subscriptions should confirm the subscription before messages can be sent to an endpoint.
Subscription Confirmation Payload to the http(s) endpoint on subscribe:
{
"Type": "SubscriptionConfirmation",
"MessageId": "13983d22-067a-41ee-9dd5-e5829e3c4cea",
"Token": "2336412f37fb687f5d51e6e2425c464cefc600f08b2ce8d1fee3e982b4f7415ca69d9359bb953f92b5dbfb500d9da6a1ea3f6bc400f07f10ac514e64adb39d72c8cfbe31a2b891777b1e4eeaf61f4e2b4cb218c755c8b93bf9b01215f79af3a5c747ae9b6b5629271f504b80247cfa92",
"TopicArn": "arn:aws:sns:us-east-1:478077625736:httpTopic",
"Message": "You have chosen to subscribe to the topic arn:aws:sns:us-east-1:478077625736:httpTopic.To confirm the subscription, visit the SubscribeURL included in this message.",
"SubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-east-1:478077625736:httpTopic&Token=2336412f37fb687f5d51e6e2425c464cefc600f08b2ce8d1fee3e982b4f7415ca69d9359bb953f92b5dbfb500d9da6a1ea3f6bc400f07f10ac514e64adb39d72c8cfbe31a2b891777b1e4eeaf61f4e2b4cb218c755c8b93bf9b01215f79af3a5c747ae9b6b5629271f504b80247cfa92",
"Timestamp": "2023-10-22T16:14:10.710Z",
"SignatureVersion": "1",
"Signature": "MN6UZ4Xc/ZeY3u2lvOEabxV81RSK8Q4xBZo0S8yTkpy+Ey6VLgkAWBb28iINSM7k2+LIY+gQj/PAxNxgzO9WinAfBY8FmBQ8W+vzURY1ntLX3vauHgzuv+uSeehRGib4LXu4tpTSvdD8KeG4eHw/HNSYoOXHGDPvapi+fUkAuSm89RdyKvIQSwWn87V9FXuZwYYOXpJG8v2EhJhAzdNSjwVMlO1TCBNyZOLBUUyJo9iW+VanHC0n8uhWBPGjeOL9Y2YGtMewhmk3jslQDJDWZrQJM+S0GeiXfQ110S02YbvuPwvU+B30SsNYf3ihsFgOIkqCltLLtZ/clTKCxnDajA==",
"SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-01d088a6f77103d0fe307c0069e40ed6.pem"
}Subscribe response before confirming:
<SubscribeResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
<SubscribeResult>
<SubscriptionArn>pending confirmation</SubscriptionArn>
</SubscribeResult>
<ResponseMetadata>
<RequestId>eb1fe57c-7b4b-5de1-bc54-b8d337d9d8dd</RequestId>
</ResponseMetadata>
</SubscribeResponse>No messages will be sent to the subscription before visiting the SubscribeURL.
Server Response on visit to SubscribeURL:
<ConfirmSubscriptionResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
<ConfirmSubscriptionResult>
<SubscriptionArn>arn:aws:sns:us-east-1:478077625736:httpTopic:2f81aea6-1d13-40a0-822b-43b2a47a922a</SubscriptionArn>
</ConfirmSubscriptionResult>
<ResponseMetadata>
<RequestId>69b011a1-eb46-5cdc-9ada-4c0ea697aeb8</RequestId>
</ResponseMetadata>
</ConfirmSubscriptionResponse>Implementation here will probably involve
- enabling this feature via configuration (environment variable)
- exposing a new http confirmation endpoint
- return a "pending confirmation" subscription arn in the subscribe response
- skip publishing to the subscription until the confirmation endpoint has been visited.