Method: Koala::Facebook::OAuth#parse_signed_request

Defined in:
lib/koala/oauth.rb

#parse_signed_request(input) ⇒ Object

Parses a signed request string provided by Facebook to canvas apps or in a secure cookie.

Parameters:

  • input

    the signed request from Facebook

Returns:

  • a hash of the validated request information

Raises:

  • OAuthSignatureError if the signature is incomplete or invalid, or if the request uses an unsupported algorithm



# File 'lib/koala/oauth.rb', line 259

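# Parses and authenticates a signed request string of the form
# "<signature>.<envelope>", where both parts are URL-safe base64.
#
# The signature is checked as an HMAC-SHA256 of the still-encoded envelope,
# keyed with @app_secret. The envelope is returned only if that check passes.
#
# @param input [String] the signed request from Facebook
# @return [Hash] the decoded envelope, once its signature has been verified
# @raise [OAuthSignatureError] if either part is missing, the envelope names
#   an algorithm other than HMAC-SHA256, or the signature does not match
def parse_signed_request(input)
  encoded_sig, encoded_envelope = input.split('.', 2)
  raise OAuthSignatureError, 'Invalid (incomplete) signature data' unless encoded_sig && encoded_envelope

  signature = base64_url_decode(encoded_sig).unpack("H*").first
  # NOTE: the envelope is JSON-decoded before it has been authenticated; it is
  # only read for its 'algorithm' field until the HMAC check below succeeds.
  envelope = MultiJson.load(base64_url_decode(encoded_envelope))

  # The algorithm field is only compared against the one supported value; it
  # never selects the digest, so a sender cannot downgrade the check.
  raise OAuthSignatureError, "Unsupported algorithm #{envelope['algorithm']}" if envelope['algorithm'] != 'HMAC-SHA256'

  # HMAC is computed over the encoded envelope exactly as received (digest, key, data).
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, @app_secret, encoded_envelope)

  # Compare in constant time: String#!= returns at the first differing byte,
  # which lets response timing reveal how much of a guessed signature matched.
  # Both values are hex strings, so the length carries no secret information.
  difference =
    if signature.bytesize == expected.bytesize
      signature.bytes.zip(expected.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }
    else
      1
    end
  raise OAuthSignatureError, 'Invalid signature' unless difference.zero?

  envelope
end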