function fb_parse_signed_request in Drupal for Facebook 7.4

Based on https://developers.facebook.com/docs/authentication/signed_request/ (facebook has removed that documentation and not replaced it!)

3 calls to fb_parse_signed_request()

fb_ajax_event in ./fb.module: Menu callback for ajax event.
fb_devel_page in ./fb_devel.module: Provides a page with useful debug info.
fb_user_token in ./fb.module: The user-specific token allows individual users to post to their own feeds.

File

./fb.module, line 1672

Code

function fb_parse_signed_request($signed_request, $secret = NULL) {
  list($encoded_sig, $payload) = explode('.', $signed_request, 2);

  // Decode the data.
  $sig = fb_base64_url_decode($encoded_sig);
  $data = fb_json_decode(fb_base64_url_decode($payload));

  // Verify the signiture.
  if ($secret) {
    if ($data['algorithm'] !== 'HMAC-SHA256') {
      throw new Exception('Parsing facebook signed request, expected HMAC-SHA256 but got ' . $data['algorithm']);
    }
    else {
      $expected_sig = hash_hmac('sha256', $payload, $secret, TRUE);
      if ($expected_sig != $sig) {
        throw new Exception('Invalid signature in facebook signed request.');
      }
    }
  }
  return $data;
}

You are here

function fb_parse_signed_request in Drupal for Facebook 7.4

File

Code

API Navigation