When working with an app directly on Facebook or installed in a Facebook Page, Facebook makes a POST to the URL set in the config with a signed_request. This is basically the same as what the cookie stores when calling FB.init from the client side with cookies enabled.
But there are times that you need to access the signed_request that the first POST gives you, because it contains extra data already sent by Facebook. To be concrete, my case is that I need to know whether a user accessing the app installed in a Facebook Page likes that page. Facebook sends that info in the signed_request.
It would be great if this lib had a method for parsing the signed_request. In fact, by looking at the code, that is almost done in getSessionByFbsrCookie. I created the parse_request method by copying some of the code there:
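```js
function parse_signed_request(signed_request, secret) {
  // signed_request has the form "<base64url signature>.<base64url JSON payload>".
  // Note: `secret` is not used below; the expected signature comes from facebook.signaturePayload.
  var encoded_data = signed_request.split('.');
  if (encoded_data.length !== 2) return null; // malformed input: no payload part
  var signature = facebook.convertBase64ToHex(encoded_data[0].replace(/\-/g, '+').replace(/\_/g, '/'));
  var payload = encoded_data[1];
  // Buffer.from replaces the deprecated `new Buffer(...)` constructor
  var data_raw_json = Buffer.from(payload.replace(/\-/g, '+').replace(/\_/g, '/'), 'base64').toString('binary');
  var data;
  try {
    data = JSON.parse(data_raw_json);
  } catch (error) {
    data = null;
  }
  if (!data) return null;
  if (!data['algorithm'] || !data['issued_at']) {
    return null;
  }
  if (data['algorithm'].toUpperCase() != 'HMAC-SHA256') {
    return null;
  }
  // Reject the request unless the signature over the encoded payload matches
  var expected_signature = facebook.signaturePayload(payload);
  if (expected_signature !== signature) {
    return null;
  }
  return data;
}
```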
I think from here you can add the method in FacebookClient.
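For comparison, a stand-alone version of the same check using only Node's `crypto` module. This is an added example, not code from this library or from the issue author. It assumes the signed_request layout `<base64url HMAC-SHA256 signature>.<base64url JSON payload>` keyed with the app secret; the names `parseSignedRequest` and `signForTest` and the `page.liked` sample field are assumptions for illustration. It verifies the signature before parsing the payload and compares it in constant time.

```javascript
const crypto = require('crypto');

// URL-safe base64 helpers (RFC 4648 section 5, no padding).
function base64UrlDecode(str) {
  return Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}
function base64UrlEncode(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns the decoded payload object, or null when the input is malformed,
// the signature does not match, or the declared algorithm is unexpected.
function parseSignedRequest(signedRequest, appSecret) {
  if (typeof signedRequest !== 'string') return null;
  const parts = signedRequest.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [encodedSig, payload] = parts;

  // Authenticate first: the HMAC covers the *encoded* payload string,
  // so untrusted JSON is never parsed before the signature is checked.
  const expected = crypto.createHmac('sha256', appSecret).update(payload).digest();
  const received = base64UrlDecode(encodedSig);
  // timingSafeEqual throws on length mismatch, so check lengths explicitly.
  if (received.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(received, expected)) return null;

  let data;
  try {
    data = JSON.parse(base64UrlDecode(payload).toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!data || typeof data.algorithm !== 'string' || !data.issued_at) return null;
  if (data.algorithm.toUpperCase() !== 'HMAC-SHA256') return null;
  return data;
}

// Builds a signed_request for local testing only (constructed sample data).
function signForTest(obj, appSecret) {
  const payload = base64UrlEncode(Buffer.from(JSON.stringify(obj), 'utf8'));
  const sig = crypto.createHmac('sha256', appSecret).update(payload).digest();
  return base64UrlEncode(sig) + '.' + payload;
}
```

Unlike the snippet above, the secret is passed in explicitly, so the function does not depend on client state.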