```js
// npm install b64url
var base64url = require('b64url');
var crypto = require('crypto');

// A signed_request for testing:
// WGvK-mUKB_Utg0l8gSPvf6smzacp46977pTtcRx0puE.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyOTI4MjEyMDAsImlzc3VlZF9hdCI6MTI5MjgxNDgyMCwib2F1dGhfdG9rZW4iOiIxNTI1NDk2ODQ3NzczMDJ8Mi5ZV2NxV2k2T0k0U0h4Y2JwTWJRaDdBX18uMzYwMC4xMjkyODIxMjAwLTcyMTU5OTQ3NnxQaDRmb2t6S1IyamozQWlxVldqNXp2cTBmeFEiLCJ1c2VyIjp7ImxvY2FsZSI6ImVuX0dCIiwiY291bnRyeSI6ImF1In0sInVzZXJfaWQiOiI3MjE1OTk0NzYifQ
function parse_signed_request(signed_request, secret) {
  var encoded_data = signed_request.split('.', 2);
  // decode the data
  var sig = encoded_data[0];
  var json = base64url.decode(encoded_data[1]);
  var data = JSON.parse(json); // ERROR Occurs Here!
  // check algorithm - not relevant to error
  if (!data.algorithm || data.algorithm.toUpperCase() != 'HMAC-SHA256') {
    console.error('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }
  // check sig - not relevant to error
  // the HMAC is computed over the still-encoded payload; strip all trailing '=' padding
  var expected_sig = crypto.createHmac('sha256', secret).update(encoded_data[1]).digest('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  // compare in constant time; timingSafeEqual requires buffers of equal length
  var sig_buf = Buffer.from(sig);
  var expected_buf = Buffer.from(expected_sig);
  if (sig_buf.length !== expected_buf.length || !crypto.timingSafeEqual(sig_buf, expected_buf)) {
    console.error('Bad signed JSON Signature!');
    return null;
  }
  return data;
}
```
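A round-trip check of the same scheme, added here as an example and not part of the gist or Facebook's code: it signs a constructed payload, verifies the HMAC before parsing the JSON, and also rejects expired payloads, which goes beyond what the gist checks. `signRequest`, `verifySignedRequest`, the secret and the sample fields are assumptions made for the demonstration.

```javascript
const crypto = require('crypto');

// base64url helpers built on Buffer, so no third-party module is needed.
const b64urlEncode = (buf) =>
  Buffer.from(buf).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const b64urlDecode = (str) =>
  Buffer.from(String(str).replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Build a signed_request in the layout the gist parses: base64url(HMAC) + '.' + base64url(JSON).
function signRequest(data, secret) {
  const payload = b64urlEncode(JSON.stringify(data));
  const sig = crypto.createHmac('sha256', secret).update(payload).digest();
  return b64urlEncode(sig) + '.' + payload;
}

// Verify first, parse second: the payload is untrusted until the HMAC matches.
function verifySignedRequest(signedRequest, secret, nowSeconds) {
  const parts = String(signedRequest).split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const expected = crypto.createHmac('sha256', secret).update(parts[1]).digest();
  const given = b64urlDecode(parts[0]);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let data;
  try {
    data = JSON.parse(b64urlDecode(parts[1]).toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!data || String(data.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;
  // Reject payloads whose expires timestamp has passed (when the field is present).
  if (data.expires && data.expires <= nowSeconds) return null;
  return data;
}

// Constructed sample values, not real Facebook credentials.
const SECRET = 'constructed-app-secret';
const NOW = 1700000000;
const sample = { algorithm: 'HMAC-SHA256', issued_at: NOW - 60, expires: NOW + 3600, user_id: '1000' };
const good = signRequest(sample, SECRET);
// Original signature glued to an altered payload: verification must fail.
const forged = good.split('.')[0] + '.' + b64urlEncode(JSON.stringify({ ...sample, user_id: '2000' }));

console.log(verifySignedRequest(good, SECRET, NOW));          // the parsed payload
console.log(verifySignedRequest(forged, SECRET, NOW));        // null
console.log(verifySignedRequest(good, 'wrong-secret', NOW));  // null
console.log(verifySignedRequest(good, SECRET, NOW + 7200));   // null (expired)
```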
I second that, thank you man! Hurray to you sir! :)
Thanks a lot! This isn't well documented on Facebook's dev site.
Very useful - thanks
very very useful, many thanks
AWESOME!! Thanks...
For those of you, like me, who encounter errors when using this in a node webserver, require these:
var base64url = require('b64url');
var crypto = require('crypto');
Can someone explain what the final data contains? Does that contain the page_id that the canvas is on? Like explained here:
https://developers.facebook.com/docs/reference/login/signed-request
Here's a cleaned up version that doesn't depend on a third party module: https://gist.github.com/bgmort/d2b89943768358b3da72a13a517708f1
thanks for this
Thanks!
Thank you :))
Thanks!
Here is another impl of parsing Facebook signed request for Node.js - https://gist.github.com/dibikhin/16c6df88cee2fefa3441c0c6d6e34fd3
It's well-structured, self-tested and has zero dependencies. It has been successfully tested in production a few times by these steps. Test it carefully anyway.
(The original Facebook code in PHP for Data Deletion Callback.)
I've found this gist after I'd implemented my own :)
@dibikhin Thanks.
https://gist.github.com/jottenlips/6ed1b49e534e8277f7373d53fe0b7547 This is what I am going with, got as close to the PHP as I could.
Thank you very very much!