Skip to content

Instantly share code, notes, and snippets.

@albertobajo

albertobajo/parse_signed_request

Created November 10, 2010 10:03
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save albertobajo/670637 to your computer and use it in GitHub Desktop.
Save albertobajo/670637 to your computer and use it in GitHub Desktop.
Download ZIP
Python implementation of Facebook's php signed_request parser: http://developers.facebook.com/docs/authentication/canvas
Raw
parse_signed_request
import hmac
import simplejson as json
from base64 import urlsafe_b64decode
from hashlib import sha256
def parse_signed_request(signed_request, secret):
[encoded_sig, payload] = signed_request.split('.')
# decode data
sig = base64_url_decode(encoded_sig)
data = json.loads(base64_url_decode(payload))
if data['algorithm'].upper() != 'HMAC-SHA256':
raise ValueError('Unknown algorithm. Expected HMAC-SHA256')
# check sig
expected_sig = hmac.new(secret, payload, sha256).digest()
if sig != expected_sig:
raise StandardError('Bad Signed JSON signature!')
return data
def base64_url_decode(input):
input += '=' * (4 - (len(input) % 4))
return urlsafe_b64decode(input.encode('utf-8'))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment