function fboauth_parse_signed_request in Facebook OAuth (FBOAuth) 7
Same name and namespace in other branches
- 6 includes/fboauth.fboauth.inc \fboauth_parse_signed_request()
- 7.2 includes/fboauth.fboauth.inc \fboauth_parse_signed_request()
Parse a signed_request from Facebook.
See also
http://developers.facebook.com/docs/authentication/signed_request/
1 call to fboauth_parse_signed_request()
- fboauth_deauthorize in includes/
fboauth.fboauth.inc - Process a deauthorization request from Facebook.
File
- includes/
fboauth.fboauth.inc, line 930 - Provides functions used during Facebook login processes.
Code
function fboauth_parse_signed_request($signed_request, $secret) {
list($encoded_signature, $payload) = explode('.', $signed_request, 2);
// Decode the data.
$signature = fboauth_base64_url_decode($encoded_signature);
$data = json_decode(fboauth_base64_url_decode($payload), TRUE);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
watchdog('fboauth', 'A Facebook deauthorization request failed: Unknown signed request algorithm. Expected HMAC-SHA256.');
return NULL;
}
// Check the signature.
$expected_signature = hash_hmac('sha256', $payload, $secret, $raw = TRUE);
if ($signature !== $expected_signature) {
watchdog('fboauth', 'A Facebook deauthorization request failed: Bad Signed JSON signature!');
return NULL;
}
return $data;
}