Last active
September 7, 2021 11:27
create facebook appsecret proof in NodeJS
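const crypto = require('crypto');
// Token sent with the Graph API call; the gist also lists the 'clientId|clientSecret' app-token form
let accessToken = 'your fb accesstoken' || 'facebookClientId' + '|' + 'facebookClientSecret';
let clientSecret = 'your fb client secret';
// appsecret_proof = hex HMAC-SHA256 of the access token, keyed with the app secret
let appsecret_proof = crypto.createHmac('sha256', clientSecret).update(accessToken).digest('hex');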
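An added example, not part of the gist or its comments: the same HMAC wrapped in reusable Node functions with input checks, a Graph API URL builder and a constant-time comparison. The function names, the `/me` path and the sample values are assumptions for illustration; `v2.8` is the API version mentioned in the comments.

```javascript
const crypto = require('crypto');

// Hex HMAC-SHA256 of the access token, keyed with the app secret.
// Node takes the key in createHmac() and the message in update();
// CryptoJS.HmacSHA256 takes (message, key). Swapping them gives a wrong proof.
function appsecretProof(accessToken, appSecret) {
  for (const [name, value] of [['accessToken', accessToken], ['appSecret', appSecret]]) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
  }
  return crypto.createHmac('sha256', appSecret).update(accessToken, 'utf8').digest('hex');
}

// Build a Graph API URL carrying the token and its proof.
// The app secret is only used as the HMAC key and never appears in the URL.
function signedGraphUrl(path, accessToken, appSecret, version = 'v2.8') {
  const url = new URL(`https://graph.facebook.com/${version}/${path.replace(/^\/+/, '')}`);
  url.searchParams.set('access_token', accessToken);
  url.searchParams.set('appsecret_proof', appsecretProof(accessToken, appSecret));
  return url.toString();
}

// Constant-time comparison of a hex proof against the expected value,
// for unit tests or an internal service that re-derives the proof.
function proofMatches(candidateHex, accessToken, appSecret) {
  const expected = Buffer.from(appsecretProof(accessToken, appSecret), 'hex');
  const candidate = Buffer.from(String(candidateHex), 'hex');
  return candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected);
}

// Constructed sample values, not real credentials.
const sampleToken = 'EXAMPLE_USER_ACCESS_TOKEN';
const sampleSecret = 'EXAMPLE_APP_SECRET';
console.log(signedGraphUrl('/me', sampleToken, sampleSecret));
```

Keep the app secret on the server (for instance in an environment variable) and compute the proof there, since anyone holding the secret can produce valid proofs for any token of the app.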
With the 2.8 facebook api it's more like
import CryptoJS from 'crypto-js';
const accessToken = 'your accesstoken';
const clientSecret = 'your secretkey';
const appsecretProof = CryptoJS.HmacSHA256(accessToken, clientSecret).toString(CryptoJS.enc.Hex);
For the record, the above solution with require('crypto') still works just fine in 2018.
What's important is to not use 'your fb accesstoken' but to understand it as "your users' token"
const crypto = require('crypto');
const YOU_FACEBOOK_APP_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
// For example we want to generate a hash for user 1
let yourUserToken = user1.facebookToken;
let hash = crypto.createHmac('sha256', YOU_FACEBOOK_APP_SECRET).update(yourUserToken).digest('hex');
@jyotman it's not working for me. What about you?
I created a Gist for this as well. fb_appsecret_proof.js. @mfressdorf and @peterpeterparker's code works, maybe my take will help others. When I reference accessToken in my Gist, keep in mind, this is the access token used when making Graph API calls for your Facebook App on behalf of the user using the App, so it would typically be the long term access token that you generated.
Not working for me! Are you sure we can provide 'facebookClientId' + '|' + 'facebookClientSecret' as the app access token for this particular API?