Kong authentication with github webhook

I would like to configure a github webook to POST requests through Kong (authenticate the request).

As per the docs - https://developer.github.com/webhooks/,

“The HMAC hex digest is generated using the sha1 hash function and the secret as the HMAC key.”

The HMAC digest token is passed in “X-Hub-Signature” header. The HMAC plugin is using Authorization header ?

https://getkong.org/plugins/hmac-authentication/?_ga=2.190439339.1253288438.1519410237-823351220.1518208115#signature-authentication-scheme

So questions are

  1. Can we get kong HMAC plugin to look in “X-Hub-Signature” header ?
  2. Can we use out of box HMAC plugin to authenticate the request?

Appreciate any pointers/suggestions/solutions,

Thanks,
Ravi

  1. Can we get kong HMAC plugin to look in “X-Hub-Signature” header ?

The “Authorization” header is hard-coded in the hmac-auth plugin.

  1. Can we use out of box HMAC plugin to authenticate the request?

For the above reason, I am afraid that the answer is “no”. You can try hard-coding the alternative header name and see if it suffices. If that’s the case, that would be a good argument for making the header name configurable in a future version!