class Restforce::SignedRequest

def self.decode(signed_request, client_secret)

Returns the parsed JSON context.

client_secret - The oauth client secret used to encrypt the signed request.
signed_request - The POST message containing the signed request from Salesforce.

Public: Initializes and decodes the signed request

def self.decode(signed_request, client_secret)
  new(signed_request, client_secret).decode
end

def decode

Returns nil if the signed request is invalid.
Returns the parsed JSON context.

Public: Decode the signed request.

def decode
  return nil if signature != hmac
  JSON.parse(Base64.decode64(payload))
end

def digest

def digest
  digest_class.new('sha256')
end

def digest_class

def digest_class
  if RUBY_VERSION < '2.1'
    OpenSSL::Digest::Digest
  else
    OpenSSL::Digest
  end
end

def hmac

def hmac
  OpenSSL::HMAC.digest(digest, client_secret, payload)
end

def initialize(signed_request, client_secret)

def initialize(signed_request, client_secret)
  @client_secret = client_secret
  split_components(signed_request)
end

def split_components(signed_request)

def split_components(signed_request)
  @signature, @payload = signed_request.split('.')
  @signature = Base64.decode64(@signature)
end

Namespace

Restforce

Class Methods

:: decode

Instance Methods

Defined in

lib/restforce/signed_request.rb

Modules

Classes