sebacruz · December 27, 2015 02:29
diff --git a/gistfile1.php b/gistfile1.php
 <?php
 function parse_signed_request($signed_request) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 
    
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), TRUE);
    
    // confirm the signature
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = TRUE);
    
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return NULL;
    }
    
    return $data;
 }

 function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
 }


 $data = parse_signed_request($_REQUEST['signed_request']);
diff --git a/response.txt b/response.txt
 {
   "oauth_token": "{user-access-token}",
   "algorithm": "HMAC-SHA256",
   "expires": 1291840400,
   "issued_at": 1291836800,
   "user_id": "218471"
 }
	<?php
	function parse_signed_request($signed_request) {
	list($encoded_sig, $payload) = explode('.', $signed_request, 2);

	// decode the data
	$sig = base64_url_decode($encoded_sig);
	$data = json_decode(base64_url_decode($payload), TRUE);

	// confirm the signature
	$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = TRUE);

	if ($sig !== $expected_sig) {
	error_log('Bad Signed JSON signature!');
	return NULL;
	}

	return $data;
	}

	function base64_url_decode($input) {
	return base64_decode(strtr($input, '-_', '+/'));
	}


	$data = parse_signed_request($_REQUEST['signed_request']);
	{
	"oauth_token": "{user-access-token}",
	"algorithm": "HMAC-SHA256",
	"expires": 1291840400,
	"issued_at": 1291836800,
	"user_id": "218471"
	}