Hello! I am working on a Roblox Plugin and a huge part of it is HTTP requests, and to prevent a malicious actor from intercepting packets, and recreating + spamming the requests to a HTTP server, I wish to be able to implement JWT Encoding.
For this, I need Base64 encoding and decoding (supported by Roblox), but it also requires HMACSHA256 key/message encryption. Is this natively supported by ROBLOX? Are there any alternatives I can use?
And follow up question: can plugins be reversed (source code revealed)? My secret key would probably be in the script, and I wouldn’t want anyone to see that
TL;DR - How do I use HMACSHA256 in ROBLOX, and can Plugins be Reversed?
Roblox doesn’t natively support HMACSHA256 directly soo you could probably make your own backend and probably just generate it and resend it back from the request and using this way roblox would If im correct limit the amount of HTTP Get and Post requests which would fix the spam issue.
Regarding are plugins reversable, they are yeah. Any plugin you downloaded is stored into .rbxm format at C:\Users\username\AppData\Local\Roblox\roblox user id\InstalledPlugins
You can just find a plugin you downloaded here, import that into roblox studio and you can see the source code for any plugin, so yeah it is reversable