Method: FacebookClient::Session::SignedRequestParam.verify_signed_request
- Defined in:
- lib/session/signed_request_param.rb
.verify_signed_request(secret, signed_request) ⇒ Object
This function takes the app secret and the signed request, and verifies if the request is valid.
72 73 74 75 76 77 |
# File 'lib/session/signed_request_param.rb', line 72 def self.verify_signed_request(secret, signed_request) signature, encoded_url = signed_request.split(".") signature = base64_url_decode(signature) expected_sig = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('SHA256'), secret, encoded_url.tr("-_", "+/")) return signature == expected_sig end |