Skip to content

Instantly share code, notes, and snippets.

@AndrewDryga

AndrewDryga/signed_request.ex

Created July 14, 2018 15:11
Show Gist options
  • Save AndrewDryga/af6a2a8338784b1b9eb6f7de8c537db6 to your computer and use it in GitHub Desktop.
Save AndrewDryga/af6a2a8338784b1b9eb6f7de8c537db6 to your computer and use it in GitHub Desktop.
Download ZIP
Deciding Facebook signed request in Elixir
Raw
signed_request.ex
app_secret = Keyword.fetch!(config, :app_secret)
with [encoded_signature, encoded_payload] <- String.split(signed_request, "."),
{:ok, signature} <- Base.url_decode64(encoded_signature, padding: false),
{:ok, payload} <- Base.url_decode64(encoded_payload, padding: false),
{:ok, payload} <- Jason.decode(payload),
%{"algorithm" => "HMAC-SHA256"} <- payload,
payload_signature = :crypto.hmac(:sha256, app_secret, encoded_payload),
true <- Plug.Crypto.secure_compare(signature, payload_signature) do
{:ok, payload}
else
_error ->
{:error, :invalid_signature}
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment