@rmartone
Created September 2, 2019 15:23
Validate signature from FBInstant.player.getSignedPlayerInfoAsync()
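const { createHmac, timingSafeEqual } = require("crypto");

// Keep the app secret on the server; never ship it in client code.
const APP_SECRET = "<APP_SECRET>";

/**
 * Validates the signature provided by FBInstant.player.getSignedPlayerInfoAsync()
 * @param {string} signedPayload returned by getSignature() after
 * @returns response payload as a JSON object; otherwise, returns undefined.
 * @see https://developers.facebook.com/docs/games/instant-games/sdk/fbinstant6.1/#signedplayerinfo
 */
function validateSignedPlayerInfo(signedPayload) {
  const data = signedPayload.split(".");
  if (data.length !== 2) {
    return undefined; // malformed input: expected "<signature>.<payload>"
  }
  // Buffer's "base64" decoder also accepts the base64url alphabet
  const signature = Buffer.from(data[0], "base64");
  const payload = Buffer.from(data[1], "base64").toString("utf8");
  // The HMAC is computed over the still-encoded payload segment
  const expected = createHmac("sha256", APP_SECRET).update(data[1]).digest();
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first
  if (signature.length !== expected.length || !timingSafeEqual(signature, expected)) {
    return undefined;
  }
  return JSON.parse(payload);
}

// Usage: in a real deployment, send result.getSignature() to the server and validate it there.
FBInstant.player.getSignedPlayerInfoAsync().then(result => {
  console.log(validateSignedPlayerInfo(result.getSignature()));
});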
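
Added example (not part of the original gist): a self-contained Node.js round trip that builds a signed payload with a constructed secret, then shows the verifier rejecting a swapped payload, a wrong key and a replayed (stale) token. The secret, timestamp and player IDs are constructed; the payload field names (`algorithm`, `issued_at`, `player_id`, `request_payload`) and the five-minute freshness window are assumptions of this example.

```javascript
const { createHmac, timingSafeEqual } = require("crypto");

const DEMO_SECRET = "constructed-demo-secret"; // assumption: stands in for the app secret
const MAX_AGE_SECONDS = 300; // assumption: freshness window chosen for this example

// Encode a string or Buffer as unpadded base64url.
const b64url = (buf) =>
  Buffer.from(buf).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Test helper: builds "<signature>.<payload>" in the shape the verifier expects.
function makeSignedInfo(fields, secret) {
  const payload = b64url(JSON.stringify(fields));
  const sig = createHmac("sha256", secret).update(payload).digest();
  return `${b64url(sig)}.${payload}`;
}

// Returns the parsed payload, or undefined on any verification failure.
function verifySignedInfo(signed, secret, nowSeconds) {
  const parts = String(signed).split(".");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return undefined;
  const given = Buffer.from(parts[0], "base64");
  const expected = createHmac("sha256", secret).update(parts[1]).digest();
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return undefined;
  let info;
  try {
    info = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  } catch (e) {
    return undefined;
  }
  if (!info || info.algorithm !== "HMAC-SHA256") return undefined;
  // Reject tokens from the future or older than the window (limits replay).
  const age = nowSeconds - info.issued_at;
  if (!Number.isFinite(age) || age < 0 || age > MAX_AGE_SECONDS) return undefined;
  return info;
}

function demo() {
  const now = 1567437780; // constructed timestamp
  const fields = { algorithm: "HMAC-SHA256", issued_at: now - 10, player_id: "1234", request_payload: "backend-nonce" };
  const good = makeSignedInfo(fields, DEMO_SECRET);
  // Reuse the valid signature with a payload claiming a different player.
  const forged = `${good.split(".")[0]}.${b64url(JSON.stringify({ ...fields, player_id: "9999" }))}`;
  return {
    valid: verifySignedInfo(good, DEMO_SECRET, now),
    tampered: verifySignedInfo(forged, DEMO_SECRET, now),
    stale: verifySignedInfo(good, DEMO_SECRET, now + 3600),
    wrongKey: verifySignedInfo(good, "other-secret", now),
  };
}
```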