Verify a Shopify Webhook Signature

I am trying to figure out how to verify a signature header sent with a Shopify Webhook, but there's something that I'm missing. It feels like it should be possible using this crypto-js palette but I can't seem to get it configured correctly.

Basically, hash the payload with the secretKey, Base64 encode it, and match it to the header.

Here's the latest attempt:

[{"id":"b815b244ef6bb443","type":"inject","z":"ed9b692543fdc4ea","name":"","props":[{"p":"payload"},{"p":"secretKey","v":"secretKey","vt":"flow"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"orderData","payloadType":"flow","x":160,"y":1060,"wires":[["7fb355187ffd0456","6860c382159a53aa"]]},{"id":"7fb355187ffd0456","type":"debug","z":"ed9b692543fdc4ea","name":"inject output","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":350,"y":980,"wires":[]},{"id":"6860c382159a53aa","type":"hmac","z":"ed9b692543fdc4ea","name":"","algorithm":"HmacSHA256","key":"flow.signature","x":390,"y":1060,"wires":[["cb8e2fe905e99663","5754dd8ecd711ad9"]]},{"id":"cb8e2fe905e99663","type":"debug","z":"ed9b692543fdc4ea","name":"hmac output","active":false,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":590,"y":980,"wires":[]},{"id":"5754dd8ecd711ad9","type":"digest","z":"ed9b692543fdc4ea","name":"","algorithm":"SHA256","x":610,"y":1060,"wires":[["1fee6edaa1aacc06","905eb409b6f77ff0"]]},{"id":"1fee6edaa1aacc06","type":"debug","z":"ed9b692543fdc4ea","name":"digest output","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":810,"y":980,"wires":[]},{"id":"905eb409b6f77ff0","type":"encode","z":"ed9b692543fdc4ea","name":"End: UTF8","encode":"Utf8","x":850,"y":1060,"wires":[["a31ec252047a0968","12d48f8fd954067a"]]},{"id":"a31ec252047a0968","type":"encode","z":"ed9b692543fdc4ea","name":"Encode Base64","encode":"Base64","x":1060,"y":1060,"wires":[["e266a308cf783c99"]]},{"id":"12d48f8fd954067a","type":"debug","z":"ed9b692543fdc4ea","name":"utf8 output","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":1010,"y":980,"wires":[]},{"id":"e266a308cf783c99","type":"debug","z":"ed9b692543fdc4ea","name":"base64 output","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":1260,"y":980,"wires":[]}]

The last UTF8 encode doesn't make any sense to me, but the Base64 encode returns an error without it.

I'd rather not install another dependency if these nodes can do it....which it feels like it could.

Thanks in advance!