@danro
Created June 14, 2012 21:46
Facebook authResponse / signedRequest verification with NodeJS
// modules
var inspect = require('eyes').inspector(),
b64url = require('b64url'),
crypto = require('crypto');
// Maps a Facebook app id to its app secret -- https://developers.facebook.com/apps
// The secret is the HMAC key for every signed request, so real values belong in
// the environment or a secret store rather than in source control.
var _config = {};
// example
_config['123123123123123'] = 'b730a55f791275471f39ea702aee993b';
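/**
 * Verify a Facebook signed request (authResponse.signedRequest) against the
 * app secret configured for `appId`.
 *
 * The request has the form "<base64url signature>.<base64url JSON payload>".
 * The signature is compared with an HMAC-SHA256 of the still-encoded payload,
 * keyed with the app secret.
 *
 * Only the signature is checked here. Any freshness or algorithm fields the
 * payload carries are left to the caller to validate.
 *
 * @param {string} signedRequest - value supplied by the client; untrusted.
 * @param {string} appId - key into _config selecting the app secret.
 * @returns {Object|boolean} the parsed payload when the signature matches,
 *   otherwise false.
 * @throws {SyntaxError} if a correctly signed payload is not valid JSON.
 */
function verifyFB(signedRequest, appId) {
  // Look up the matching app secret. Own properties only: appId may be
  // caller-controlled, and an inherited key such as "constructor" would
  // otherwise yield a truthy value that is not a secret.
  var secret = Object.prototype.hasOwnProperty.call(_config, appId)
    ? _config[appId]
    : undefined;
  if (!secret) {
    // NOTE(review): this logs the whole signed request; consider logging less
    // if the payload can carry user identifiers or tokens.
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB App ID');
    return false;
  }

  // Split "<signature>.<payload>"; anything that is not a string with both
  // parts is rejected the same way as a bad signature.
  var parts = typeof signedRequest === 'string' ? signedRequest.split('.') : [];
  var encodedSig = parts[0];
  var payload = parts[1];
  if (!encodedSig || !payload) {
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB Signature');
    return false;
  }

  // Decode the signature into raw bytes so it can be compared with the digest,
  // which is a Buffer on current Node versions.
  var sig = Buffer.from(b64url.decode(encodedSig, 'binary'), 'binary');

  // Recompute the HMAC over the encoded payload and compare in constant time.
  // timingSafeEqual throws on unequal lengths, hence the length check first.
  var expectedSig = crypto.createHmac('sha256', secret).update(payload).digest();
  var matches = sig.length === expectedSig.length &&
    crypto.timingSafeEqual(sig, expectedSig);
  if (!matches) {
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB Signature');
    return false;
  }

  // Signature verified: return the parsed JSON payload.
  return JSON.parse(b64url.decode(payload));
}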
// Export the verifier function as this module's only export.
module.exports = verifyFB;
@IhsanKing

What is this tool used for?
