Validate integrity in facebook webhooks
rusikf opened this issue · comments
For using already registered webhooks, we must use something like this:
oauth = Koala::Facebook::RealtimeUpdates.new(app_id: '123', app_secret: '456') # here on initialize request made
if oauth.validate_update
#do some work with data
But in real world, we don't need to make initialize request, because validate_update
only validates integrity and origin of the payload, no authorization request on this step required, only secret key is needed for checking integrity.
Hi @rusikf! That's a good point. The RealtimeUpdates
object shouldn't make a request for the app access token until and unless it actually needs it. I'll rewrite the code to fix that.
Closing since #594 is about to be merged in.