/** * Hashes the signature used in a signed request. * * @param string $encodedData * @param string|null $appSecret * * @return string * * @throws FacebookSDKException */ public static function hashSignature($encodedData, $appSecret = null) { $hashedSig = hash_hmac('sha256', $encodedData, FacebookSession::_getTargetAppSecret($appSecret), $raw_output = true); if ($hashedSig) { return $hashedSig; } throw new FacebookSDKException('Unable to hash signature from encoded payload data.', 602); }
/** * Send a request to Graph with an app access token. * * @param string $endpoint * @param array $params * @param string|null $appId * @param string|null $appSecret * * @return \Facebook\FacebookResponse * * @throws FacebookRequestException */ protected static function request($endpoint, array $params, $appId = null, $appSecret = null) { $targetAppId = FacebookSession::_getTargetAppId($appId); $targetAppSecret = FacebookSession::_getTargetAppSecret($appSecret); if (!isset($params['client_id'])) { $params['client_id'] = $targetAppId; } if (!isset($params['client_secret'])) { $params['client_secret'] = $targetAppSecret; } // The response for this endpoint is not JSON, so it must be handled // differently, not as a GraphObject. $request = new FacebookRequest(FacebookSession::newAppSession($targetAppId, $targetAppSecret), 'GET', $endpoint, $params); return $request->execute(); }
/** * Generate and return the appsecret_proof value for an access_token * * @param string $token * * @return string */ public function getAppSecretProof($token) { return hash_hmac('sha256', $token, FacebookSession::_getTargetAppSecret()); }
/** * Initialize the helper and process available signed request data. * * @param string|null $appId * @param string|null $appSecret */ public function __construct($appId = null, $appSecret = null) { $this->appId = FacebookSession::_getTargetAppId($appId); $this->appSecret = FacebookSession::_getTargetAppSecret($appSecret); $this->instantiateSignedRequest(); }