@craigmcnamara
Created June 28, 2011 18:19
Testing a signed Facebook request
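require 'base64'
require 'json'
require 'openssl'

module FacebookSession
  # Verifies a Facebook signed_request ("<signature>.<payload>", both base64url)
  # against the app secret and returns the decoded payload hash.
  def parse_signed_request(secret_id, request)
    encoded_sig, payload = request.to_s.split('.', 2)
    raise "Malformed signed request" if encoded_sig.nil? || payload.nil?

    # Hex-encode the raw signature bytes so they can be compared with hexdigest
    sig = urldecode64(encoded_sig).unpack1('H*')

    data = JSON.parse(urldecode64(payload))
    if data['algorithm'].to_s.upcase != 'HMAC-SHA256'
      raise "Bad signature algorithm: %s" % data['algorithm']
    end

    # The HMAC is computed over the still-encoded payload string
    expected_sig = OpenSSL::HMAC.hexdigest('sha256', secret_id, payload)
    # Constant-time comparison (OpenSSL.secure_compare needs Ruby 2.7+)
    raise "Bad signature" unless OpenSSL.secure_compare(expected_sig, sig)

    data
  end

  # Decodes URL-safe base64 ('-' and '_' alphabet, padding stripped)
  def urldecode64(str)
    encoded_str = str.tr('-_', '+/')
    encoded_str += '=' while !(encoded_str.size % 4).zero?
    Base64.decode64(encoded_str)
  end
end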
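The signing side of the check above, as an added example that is not part of the original gist: it builds signed_request fixtures and shows which ones a verifier must reject. The helper names, the secret and the payload fields are assumptions constructed for the example.

```ruby
require 'base64'
require 'json'
require 'openssl'

# Constructed test values, not a real app secret or Facebook payload.
SAMPLE_SECRET = 'constructed-app-secret'
SAMPLE_DATA = { 'algorithm' => 'HMAC-SHA256', 'user_id' => '1234' }.freeze

# base64url without padding, the encoding urldecode64 in the gist reverses.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes).delete('=')
end

# Hypothetical fixture builder: the HMAC covers the encoded payload string.
def build_signed_request(secret, data)
  payload = b64url(JSON.generate(data))
  "#{b64url(OpenSSL::HMAC.digest('sha256', secret, payload))}.#{payload}"
end

# Fixture with a modified payload that keeps the original signature.
def tamper(token)
  sig, payload = token.split('.', 2)
  data = JSON.parse(Base64.urlsafe_decode64(payload)).merge('user_id' => '9999')
  "#{sig}.#{b64url(JSON.generate(data))}"
end

# Length check plus XOR accumulation, so the comparison does not exit early.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns :ok or the reason a token is rejected; the signature is checked
# before any of the payload is parsed.
def check_signed_request(secret, token)
  encoded_sig, payload = token.to_s.split('.', 2)
  return :malformed if encoded_sig.to_s.empty? || payload.to_s.empty?
  expected = b64url(OpenSSL::HMAC.digest('sha256', secret, payload))
  return :bad_signature unless secure_equal?(expected, encoded_sig)
  data = JSON.parse(Base64.urlsafe_decode64(payload))
  return :malformed unless data.is_a?(Hash)
  data['algorithm'].to_s.upcase == 'HMAC-SHA256' ? :ok : :bad_algorithm
rescue JSON::ParserError, ArgumentError
  :malformed
end

token = build_signed_request(SAMPLE_SECRET, SAMPLE_DATA)
puts check_signed_request(SAMPLE_SECRET, token)
puts check_signed_request(SAMPLE_SECRET, tamper(token))
```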