Created
June 14, 2012 21:46
Facebook authResponse / signedRequest verification with NodeJS
// modules | |
var inspect = require('eyes').inspector(), | |
b64url = require('b64url'), | |
crypto = require('crypto'); | |
// Lookup table: Facebook app id -> app secret (https://developers.facebook.com/apps).
// The one entry here is marked as an example by the author; in a deployment the
// secrets would normally be supplied from outside the source tree (environment
// or a secret store) so they never land in version control.
const _config = {
  '123123123123123': 'b730a55f791275471f39ea702aee993b',
};
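/**
 * Verify a Facebook signed request (authResponse.signedRequest) and return
 * its decoded payload.
 *
 * The value is expected as `<base64url signature>.<base64url payload>`, where
 * the signature is the HMAC-SHA256 of the still-encoded payload string, keyed
 * with the app secret looked up in `_config`.
 *
 * @param {string} signedRequest - Raw signed request as received (untrusted).
 * @param {string} appId - Facebook app id used to select the secret.
 * @returns {Object|boolean} The parsed payload when the signature matches,
 *   otherwise `false`.
 * @throws {SyntaxError} If a correctly signed payload is not valid JSON.
 */
function verifyFB(signedRequest, appId) {
  // Own-property lookup only: appId is caller-supplied, and a plain
  // `_config[appId]` would also resolve inherited keys such as "constructor",
  // handing a non-secret value to createHmac.
  var secret = Object.prototype.hasOwnProperty.call(_config, appId)
    ? _config[appId]
    : undefined;
  if (!secret) {
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB App ID');
    return false;
  }

  // Reject anything that is not "<signature>.<payload>" instead of throwing
  // later on an undefined segment.
  var parts = typeof signedRequest === 'string' ? signedRequest.split('.') : [];
  var encodedSig = parts[0];
  var payload = parts[1];
  if (!encodedSig || !payload) {
    inspect({ request: signedRequest, appId: appId }, 'Malformed FB signed request');
    return false;
  }

  // Decode the base64url signature to raw bytes. Mapping the URL-safe
  // alphabet back to standard base64 keeps this independent of decoder quirks.
  var sig = Buffer.from(encodedSig.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

  // The MAC is computed over the encoded payload string, before any decoding.
  var expectedSig = crypto.createHmac('sha256', secret).update(payload).digest();

  // Compare bytes with bytes, in constant time. The earlier `sig !== expectedSig`
  // compared a binary string against digest() output, which is a Buffer on
  // current Node, so every request was rejected; and a plain comparison of MAC
  // values can leak timing information. timingSafeEqual throws on a length
  // mismatch, hence the explicit length check first.
  if (sig.length !== expectedSig.length || !crypto.timingSafeEqual(sig, expectedSig)) {
    // NOTE(review): this logs the complete signed request; the payload may
    // carry user identifiers or tokens -- consider logging only the app id.
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB Signature');
    return false;
  }

  // Signature verified: only now is the payload decoded and parsed.
  return JSON.parse(b64url.decode(payload));
}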
// The verifier function is this module's only export.
module.exports = verifyFB;
What is this tool used for?