Golang - Dropbox webhook signature validation hmac

I am writing a program that needs to use Dropbox's webhooks. I haven't been able to find any Go implementation already in place, so I've decided to write mine. Unfortunately, it doesn't seem to work.

I think the issue here is with hmac, as I am most probably doing something wrong, but I just can't seem to understand where exactly the issue here. Any idea?

The following is what I have:

package dboxwebhook

import (
    "bytes"
    "crypto/hmac"
    "crypto/sha256"
    "errors"
    "io"
    "io/ioutil"
	"log"
)

type Signature struct {
    AppSecret []byte
    Signature []byte
}

func (w *Signature) Check(reqBody io.ReadCloser) error {

    if bytes.Compare(w.Signature, nil) == 0 {
	    return errors.New("DropBox signature doesnt exist")
    }

    // building HMAC key (https://golang.org/pkg/crypto/hmac/)
    mac := hmac.New(sha256.New, w.AppSecret)
    requestBody, err := ioutil.ReadAll(reqBody)
    if err != nil {
    	return err
    }

    mac.Write(requestBody)
    expectedMac := mac.Sum(nil)

    log.Println(w.AppSecret)
    log.Println(expectedMac)
    log.Println(w.Signature)

    // compare if it corresponds with the signature sent by DropBox
    comparison := hmac.Equal(w.Signature, expectedMac)

    if !comparison {
    	return errors.New("Signature Check unsuccessful")
    }

    return nil

}

To test this, the only way I know is to use this Python script from Dropbox.

The Dropbox signature is sent as string in the HTTP header X-Dropbox-Signature.

So as to use it with hmac.Equal, you need to decode the hex string representation to a slice of byte first using package encoding/hex.

    import "encoding/hex"

    [...]
    hexSignature, err := hex.DecodeString(w.Signature)
    [...]

Then you can use the hex bytes in the comparison

    [...]
    // compare if it corresponds with the signature sent by DropBox
    comparison := hmac.Equal(hexSignature, expectedMac)
    [...]