Skip to content

Instantly share code, notes, and snippets.

@zinzinday

zinzinday/signed_request.js

Forked from sorenlouv/signed_request.js
Created March 30, 2018 21:33
Show Gist options
  • Save zinzinday/11207ea09eb02a21d08528e04bf29e5f to your computer and use it in GitHub Desktop.
Save zinzinday/11207ea09eb02a21d08528e04bf29e5f to your computer and use it in GitHub Desktop.
Download ZIP
Parse signed request from Facebook cookie, and exchange code to access token
Raw
signed_request.js
var request = require('request-promise');
var crypto = require('crypto');
var config = {...};
function getAccessToken(cookies) {
var cookieName = 'fbsr_' + config.client_id;
var signedRequest = cookies[cookieName];
var code = getCode(signedRequest);
return exchangeCodeForAccessToken(code);
};
function parseSignedRequest(signedRequest, secret) {
signedRequest = signedRequest.split('.');
var encodedSig = signedRequest[0];
var payload = signedRequest[1];
var data = JSON.parse(new Buffer(payload, 'base64').toString());
if (data.algorithm.toUpperCase() !== 'HMAC-SHA256') {
return null;
}
var hmac = crypto.createHmac('sha256', secret);
var encodedPayload = hmac.update(payload)
.digest('base64')
.replace(/\//g, '_').replace(/\+/g, '-')
.replace(/={1,2}$/, '');
if (encodedSig !== encodedPayload) {
return null;
}
return data;
}
function getCode(signedRequest) {
var payload = parseSignedRequest(signedRequest, config.client_secret);
return payload.code;
}
function exchangeCodeForAccessToken(code) {
var url = 'https://graph.facebook.com/v2.3/oauth/access_token' +
'?client_id=' + config.client_id +
'&redirect_uri=' +
'&client_secret=' + config.client_secret +
'&code=' + code;
return request({
url: url,
json: true,
gzip: true
}).then(function(response) {
return response.access_token;
});
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment