7👍
this is working for me
def base64_url_decode(inp):
inp = inp.replace('-','+').replace('_','/')
padding_factor = (4 - len(inp) % 4) % 4
inp += "="*padding_factor
return base64.decodestring(inp)
def parse_signed_request(signed_request='a.a', secret=FACEBOOK_APP_SECRET):
l = signed_request.split('.', 2)
encoded_sig = l[0]
payload = l[1]
sig = base64_url_decode(encoded_sig)
data = json.loads(base64_url_decode(payload))
if data.get('algorithm').upper() != 'HMAC-SHA256':
print('Unknown algorithm')
return None
else:
expected_sig = hmac.new(secret, msg=payload, digestmod=hashlib.sha256).digest()
if sig != expected_sig:
return None
else:
print('valid signed request received..')
return data
Source:stackexchange.com