function parseSignedRequest($signed_request)
{
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = self::base64decode($encoded_sig);
$data = json_decode(self::base64decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
return '-1';
}
$expected_sig = hash_hmac('sha256', $payload, $this->client_secret, true);
return $sig !== $expected_sig ? '-2' : $data;
}