rmartone · September 2, 2019 15:23
diff --git a/validateSignedPlayerInfo.js b/validateSignedPlayerInfo.js
 const createHmac = require("crypto").createHmac;
 const APP_SECRET = "<APP_SECRET>";

 /**
 * Validates the signature provided by FBInstant.player.getSignedPlayerInfoAsync()
 * @param {string} signedPayload returned by getSignature() after
 * @returns response payload as a JSON object; otherwise, returns undefined.
 * @see https://developers.facebook.com/docs/games/instant-games/sdk/fbinstant6.1/#signedplayerinfo
 */
 function validateSignedPlayerInfo(signedPayload) {
  const data = signedPayload.split(".");
  // buffer supports base64url
  const signature = new Buffer(data[0], "base64").toString("hex");
  const payload = new Buffer(data[1], "base64").toString("utf8");
  return createHmac("sha256", APP_SECRET)
    .update(data[1])
    .digest("hex") === signature
    ? payload
    : undefined;
 }

 FBInstant.player.getSignedPlayerInfoAsync().then(result => {
  console.log(validateSignedPlayerInfo(result.getSignature()));
 });
	const createHmac = require("crypto").createHmac;
	const APP_SECRET = "<APP_SECRET>";

	/**
	* Validates the signature provided by FBInstant.player.getSignedPlayerInfoAsync()
	* @param {string} signedPayload returned by getSignature() after
	* @returns response payload as a JSON object; otherwise, returns undefined.
	* @see https://developers.facebook.com/docs/games/instant-games/sdk/fbinstant6.1/#signedplayerinfo
	*/
	function validateSignedPlayerInfo(signedPayload) {
	const data = signedPayload.split(".");
	// buffer supports base64url
	const signature = new Buffer(data[0], "base64").toString("hex");
	const payload = new Buffer(data[1], "base64").toString("utf8");
	return createHmac("sha256", APP_SECRET)
	.update(data[1])
	.digest("hex") === signature
	? payload
	: undefined;
	}

	FBInstant.player.getSignedPlayerInfoAsync().then(result => {
	console.log(validateSignedPlayerInfo(result.getSignature()));
	});