@schneems
Created December 20, 2010 20:37
validate facebook signed_request in ruby
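require 'base64'

# decode URL-safe base64, restoring the padding that signed_request leaves off
def base64_url_decode(str)
  str += '=' * ((4 - str.length.modulo(4)) % 4)
  Base64.decode64(str.gsub("-", "+").gsub("_", "/"))
end # source: https://github.com/ptarjan/base64url/blob/master/ruby.rb

require 'hmac'
require 'hmac-sha2' ## used to decode facebook return values

# used to validate signed requests from facebook http://developers.facebook.com/docs/authentication/canvas
#
# replace FACEBOOK[:secret] with your facebook secret
def valid_facebook_signature?(signed_request)
  signature, encoded_data = signed_request.to_s.split(".", 2)
  # a request without both "signature.payload" parts can never be valid
  return false if signature.nil? || encoded_data.nil?

  expected_signature = base64_url_decode(signature)
  computed_signature = HMAC::SHA256.digest(FACEBOOK[:secret], encoded_data)
  return false unless expected_signature.bytesize == computed_signature.bytesize

  # compare in constant time so a mismatch does not reveal how many leading bytes matched
  diff = 0
  expected_signature.bytes.zip(computed_signature.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end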
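
An added example, not part of the original gist: it goes beyond the signature check by also decoding the payload and rejecting any `algorithm` value other than `HMAC-SHA256`, and it treats malformed input the same as a bad signature. It uses Ruby's standard-library `OpenSSL::HMAC`; the function names, the secret and the sample payload are assumptions constructed for the example.

```ruby
require 'base64'
require 'json'
require 'openssl'

# Constructed secret for this example only; it is not a real app secret.
EXAMPLE_SECRET = 'constructed-example-secret'

# Constant-time comparison so timing does not reveal where two MACs differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the decoded payload Hash when the request is authentic, otherwise nil.
def parse_signed_request(signed_request, secret)
  encoded_sig, encoded_payload = signed_request.to_s.split('.', 2)
  return nil if encoded_sig.to_s.empty? || encoded_payload.to_s.empty?

  # The MAC covers the still-encoded payload, so verify it before parsing anything.
  expected = OpenSSL::HMAC.digest('SHA256', secret, encoded_payload)
  supplied = Base64.urlsafe_decode64(encoded_sig)
  return nil unless secure_equal?(expected, supplied)

  payload = JSON.parse(Base64.urlsafe_decode64(encoded_payload))
  # Assumption: the payload names its MAC in an "algorithm" field; accept only HMAC-SHA256.
  return nil unless payload.is_a?(Hash) && payload['algorithm'].to_s.upcase == 'HMAC-SHA256'
  payload
rescue ArgumentError, JSON::ParserError
  nil # malformed base64 or JSON is handled like a failed signature
end

# Builds a signed_request as the sender would; used here only to construct test input.
def build_signed_request(payload, secret)
  encoded_payload = Base64.urlsafe_encode64(JSON.generate(payload), padding: false)
  sig = OpenSSL::HMAC.digest('SHA256', secret, encoded_payload)
  "#{Base64.urlsafe_encode64(sig, padding: false)}.#{encoded_payload}"
end
```
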
felangga commented Oct 8, 2016

Where can I get the FACEBOOK[:secret]?
