fredoliveira/703941
Created November 17, 2010 19:50
Parses Facebook OAuth2.0 Signed requests. Ported to Ruby from Facebook's PHP SDK.
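# ported to ruby by [email protected]
require 'rubygems'
require 'base64'
gem 'json'
require 'json'
require 'openssl'

# Verifies and decodes a signed request of the form "<signature>.<payload>",
# where both parts are base64url encoded. Returns the decoded payload hash,
# or nil if the request is malformed or fails verification.
def parse_facebook_request(str, app_secret)
  string = str.to_s.split(".", 2) # splits our signed request
  encodedsig = string[0] # signature
  payload = string[1] # payload
  if encodedsig.nil? || payload.nil?
    puts "Malformed signed request"
    return nil
  end

  sig = base64_url_decode(encodedsig)
  data = JSON.parse(base64_url_decode(payload))
  if data["algorithm"] != "HMAC-SHA256"
    puts "Expected HMAC-SHA256, got something else."
    return nil
  end

  # The HMAC covers the still-encoded payload string, keyed with the app secret.
  hash = OpenSSL::HMAC.digest('sha256', app_secret, payload)
  # Constant-time comparison (OpenSSL.secure_compare, Ruby 2.7+); a plain !=
  # returns as soon as a byte differs and so leaks timing information.
  unless OpenSSL.secure_compare(sig, hash)
    puts "Bad signed JSON signature"
    return nil
  end
  data
end

# Decodes base64url input, restoring only the padding that was stripped.
def base64_url_decode(str)
  # The outer modulo keeps already aligned input from gaining four extra '='.
  str += '=' * ((4 - str.length.modulo(4)) % 4)
  Base64.decode64(str.gsub("-", "+").gsub("_", "/"))
end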
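
A round-trip check for the parser, written as an added example (not part of the original gist or Facebook's SDK): it builds a signed request from a constructed secret and payload, then confirms that a verifier accepts it and returns nil for a replaced payload, the wrong secret, an unexpected algorithm and malformed input. `sign_request`, `verify_request`, `run_cases`, `SAMPLE_SECRET` and the `user_id` values are assumptions made for the example; `OpenSSL.secure_compare` needs Ruby 2.7 or later.

```ruby
require 'json'
require 'openssl'

SAMPLE_SECRET = 'constructed-app-secret' # constructed value, not a real app secret

# base64url without padding, the encoding used for both parts of the request.
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Strict decode: restores missing padding only; raises ArgumentError on invalid base64.
def b64url_decode(str)
  padded = str + '=' * ((4 - str.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0')
end

# Builds "<signature>.<payload>" as test input (hypothetical helper).
def sign_request(data, secret)
  payload = b64url_encode(JSON.generate(data))
  "#{b64url_encode(OpenSSL::HMAC.digest('sha256', secret, payload))}.#{payload}"
end

# Checks the HMAC before parsing any JSON; returns the payload hash or nil.
def verify_request(signed, secret)
  encoded_sig, payload = signed.to_s.split('.', 2)
  return nil if encoded_sig.to_s.empty? || payload.to_s.empty?
  expected = OpenSSL::HMAC.digest('sha256', secret, payload)
  return nil unless OpenSSL.secure_compare(b64url_decode(encoded_sig), expected)
  data = JSON.parse(b64url_decode(payload))
  data.is_a?(Hash) && data['algorithm'] == 'HMAC-SHA256' ? data : nil
rescue ArgumentError, JSON::ParserError
  nil
end

# Runs the accept/reject cases and reports what the verifier returned for each.
def run_cases
  good = sign_request({ 'algorithm' => 'HMAC-SHA256', 'user_id' => '1001' }, SAMPLE_SECRET)
  sig, payload = good.split('.', 2)
  other = b64url_encode(JSON.generate({ 'algorithm' => 'HMAC-SHA256', 'user_id' => '2002' }))
  {
    valid: verify_request(good, SAMPLE_SECRET),
    payload_replaced: verify_request("#{sig}.#{other}", SAMPLE_SECRET),
    wrong_secret: verify_request(good, 'another-constructed-secret'),
    wrong_algorithm: verify_request(sign_request({ 'algorithm' => 'none' }, SAMPLE_SECRET), SAMPLE_SECRET),
    truncated: verify_request(sig, SAMPLE_SECRET),
    bad_base64: verify_request("!!!.#{payload}", SAMPLE_SECRET)
  }
end
p run_cases if __FILE__ == $PROGRAM_NAME
```

Only the `valid` case returns a hash; every other case returns nil, including the correctly signed request whose payload names an algorithm other than HMAC-SHA256.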