| // modules | |
| var inspect = require('eyes').inspector(), | |
| b64url = require('b64url'), | |
| crypto = require('crypto'); | |
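// app id & secret pairs -- https://developers.facebook.com/apps
// Built on a null-prototype object so that a lookup such as
// _config['constructor'] or _config['__proto__'] yields undefined rather than
// an inherited Object.prototype member that would pass a truthiness check.
// NOTE(review): the entry below is the example pair; real app secrets are
// better loaded from the environment or a secret store than kept in source.
var _config = Object.create(null);
// example
_config['123123123123123'] = 'b730a55f791275471f39ea702aee993b';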
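/**
 * Verify a Facebook signed_request against the app secret configured for appId.
 *
 * The request is treated as "<base64url signature>.<base64url payload>": the
 * signature must equal HMAC-SHA256 of the still-encoded payload, keyed with
 * the app secret found in _config.
 *
 * @param {string} signedRequest - raw signed_request value (untrusted input).
 * @param {string} appId - key used to look up the app secret in _config.
 * @returns {Object|boolean} the parsed payload when the signature matches,
 *   false when the app id is unknown or the request is malformed or mis-signed.
 * @throws {SyntaxError} if a correctly signed payload is not valid JSON.
 */
function verifyFB(signedRequest, appId) {
  // check config for matching app secret; only own keys count, so inherited
  // names such as 'constructor' are treated as unknown app ids
  var secret = Object.prototype.hasOwnProperty.call(_config, appId)
    ? _config[appId]
    : undefined;
  if (!secret) {
    // NOTE(review): signedRequest embeds the encoded payload (oauth_token
    // included, per the sample below), so this line can write a user access
    // token to the log -- confirm that is acceptable for the log sink in use.
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB App ID');
    return false;
  }

  // split values from request; a non-string or a value without both parts is
  // rejected here instead of throwing further down
  var split = typeof signedRequest === 'string' ? signedRequest.split('.') : [];
  var encodedSig = split[0];
  var payload = split[1];
  if (!encodedSig || !payload) {
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB Signature');
    return false;
  }

  // decode the signature into raw bytes (assumes b64url.decode with 'binary'
  // yields a binary string, as the original call implies -- TODO confirm)
  var sig = Buffer.from(b64url.decode(encodedSig, 'binary'), 'binary');

  // create hash and compare to signature; digest() without an encoding
  // returns a Buffer, so a `!==` against a string never matches and every
  // request would be rejected. Compare bytes, in constant time, and check the
  // length first because timingSafeEqual throws on unequal lengths.
  var expectedSig = crypto.createHmac('sha256', secret).update(payload).digest();
  if (sig.length !== expectedSig.length || !crypto.timingSafeEqual(sig, expectedSig)) {
    inspect({ request: signedRequest, appId: appId }, 'Invalid FB Signature');
    return false;
  }

  // Success! return parsed json object
  // More info at https://developers.facebook.com/docs/facebook-login/using-login-with-games/
  /* {
   *   "oauth_token": "{user-access-token}",
   *   "algorithm": "HMAC-SHA256",
   *   "expires": 1291840400,
   *   "issued_at": 1291836800,
   *   "user_id": "218471"
   * }
   */
  // NOTE(review): "expires" / "issued_at" are not checked here; a caller that
  // wants to refuse stale or replayed requests has to test them itself.
  return JSON.parse(b64url.decode(payload));
}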
// The module's single export is the verifier function itself.
module.exports = verifyFB;