From 23dca8987c52d1402f8f0b154acdd043d412b766 Mon Sep 17 00:00:00 2001 From: Stefan Daschek Date: Wed, 5 Sep 2012 00:35:59 +0200 Subject: [PATCH] Use base64_url_decode for decoding signed request JSON. https://developers.facebook.com/docs/authentication/signed_request/ states that the JSON part of the signed request is base64url encoded. Without this fix, decoding signed requests containing _ or - characters leads to garbled strings and JSON parsing fails subsequently. --- lib/facebooker2/rails/controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/facebooker2/rails/controller.rb b/lib/facebooker2/rails/controller.rb index a55923f..b3f5687 100644 --- a/lib/facebooker2/rails/controller.rb +++ b/lib/facebooker2/rails/controller.rb @@ -121,7 +121,7 @@ def generate_signature(hash,secret) def fb_signed_request_json(encoded) chars_to_add = 4-(encoded.size % 4) encoded += ("=" * chars_to_add) - Base64.decode64(encoded) + base64_url_decode(encoded) end def facebook_params