fix(webhooks): read webhookSecret for jira, linear, and github signature verification

waleedlatif1 · waleedlatif1 · commit f9d5f2c7a0b3 · 2026-02-23T22:57:24.000-08:00
These providers define their secret subBlock with id: 'webhookSecret' but the
processor was reading providerConfig.secret which is always undefined, silently
skipping signature verification even when a secret is configured.
diff --git a/apps/sim/lib/webhooks/processor.ts b/apps/sim/lib/webhooks/processor.ts
@@ -609,7 +609,7 @@ export async function verifyProviderAuth(
   }
 
   if (foundWebhook.provider === 'linear') {
-    const secret = providerConfig.secret as string | undefined
+    const secret = providerConfig.webhookSecret as string | undefined
 
     if (secret) {
       const signature = request.headers.get('Linear-Signature')
@@ -684,7 +684,7 @@ export async function verifyProviderAuth(
   }
 
   if (foundWebhook.provider === 'jira') {
-    const secret = providerConfig.secret as string | undefined
+    const secret = providerConfig.webhookSecret as string | undefined
 
     if (secret) {
       const signature = request.headers.get('X-Hub-Signature')
@@ -734,7 +734,7 @@ export async function verifyProviderAuth(
   }
 
   if (foundWebhook.provider === 'github') {
-    const secret = providerConfig.secret as string | undefined
+    const secret = providerConfig.webhookSecret as string | undefined
 
     if (secret) {
       // GitHub supports both SHA-256 (preferred) and SHA-1 (legacy)

Original file line number	Diff line number	Diff line change
`@@ -609,7 +609,7 @@ export async function verifyProviderAuth(`
`609`	`609`	`}`
`610`	`610`
`611`	`611`	`if (foundWebhook.provider === 'linear') {`
`612`		`- const secret = providerConfig.secret as string \| undefined`
	`612`	`+ const secret = providerConfig.webhookSecret as string \| undefined`
`613`	`613`
`614`	`614`	`if (secret) {`
`615`	`615`	`const signature = request.headers.get('Linear-Signature')`
`@@ -684,7 +684,7 @@ export async function verifyProviderAuth(`
`684`	`684`	`}`
`685`	`685`
`686`	`686`	`if (foundWebhook.provider === 'jira') {`
`687`		`- const secret = providerConfig.secret as string \| undefined`
	`687`	`+ const secret = providerConfig.webhookSecret as string \| undefined`
`688`	`688`
`689`	`689`	`if (secret) {`
`690`	`690`	`const signature = request.headers.get('X-Hub-Signature')`
`@@ -734,7 +734,7 @@ export async function verifyProviderAuth(`
`734`	`734`	`}`
`735`	`735`
`736`	`736`	`if (foundWebhook.provider === 'github') {`
`737`		`- const secret = providerConfig.secret as string \| undefined`
	`737`	`+ const secret = providerConfig.webhookSecret as string \| undefined`
`738`	`738`
`739`	`739`	`if (secret) {`
`740`	`740`	`// GitHub supports both SHA-256 (preferred) and SHA-1 (legacy)`