Class: FbGraph::Auth::SignedRequest

Inherits:
Object
  • Object
Defined in:
lib/fb_graph/auth/signed_request.rb

Constant Summary

OAUTH_DIALOG_ENDPOINT =
'https://www.facebook.com/dialog/oauth'

Class Method Summary

Class Method Details

.verify(client, signed_request) ⇒ Object

Raises:

  • (VerificationFailed)



# File 'lib/fb_graph/auth/signed_request.rb', line 9

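# Verifies a signed request and returns its decoded payload.
#
# The value is split on '.' into a signature part and a payload part. The
# signature is recomputed over the still-encoded payload with the client's
# secret and compared against the one supplied.
#
# @param client [#secret] object whose +secret+ is used as the signing key
# @param signed_request [String, nil] raw value as received; treated as untrusted
# @return [Object] the decoded payload, as returned by +decode_json+
# @raise [VerificationFailed] with code 401 when the signature or payload is
#   missing, the declared algorithm is not 'HMAC-SHA256', or the signature
#   does not match
def self.verify(client, signed_request)
  # Coerce first so a missing parameter is reported as a verification failure
  # rather than a NoMethodError on nil.
  signature, payload = signed_request.to_s.split('.')
  raise VerificationFailed.new(401, 'No Signature') if signature.blank?
  raise VerificationFailed.new(401, 'No Payload') if payload.blank?
  signature = base64_url_decode signature
  # NOTE(review): the payload is parsed before it is authenticated, so nothing
  # in +data+ may be acted on until the signature check below has passed.
  data = decode_json base64_url_decode(payload)
  # Only HMAC-SHA256 is accepted; the algorithm named in the payload is never
  # used to choose how the signature is computed.
  raise VerificationFailed.new(401, 'Unexpected Signature Algorithm') unless data[:algorithm] == 'HMAC-SHA256'
  expected_signature = sign(client.secret, payload)
  # String#== returns at the first differing byte, so response timing would
  # reveal how much of a guessed signature is correct. Fold every byte into one
  # accumulator instead; only a length mismatch is allowed to return early.
  # Assumes base64_url_decode and sign both return Strings (TODO confirm).
  mismatch = signature.bytesize == expected_signature.bytesize ? 0 : 1
  if mismatch.zero?
    signature.bytes.zip(expected_signature.bytes) { |given, wanted| mismatch |= given ^ wanted }
  end
  raise VerificationFailed.new(401, 'Signature Invalid') unless mismatch.zero?
  data
end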