# File lib/omniauth/strategies/oauth2/facebook.rb, line 104
        def parse_signed_request(input)
          encoded_sig, encoded_envelope = input.split('.', 2)
          signature = base64_url_decode(encoded_sig).unpack("H*").first
          envelope = MultiJson.decode(base64_url_decode(encoded_envelope))

          raise "SignedRequest: Unsupported algorithm #{envelope['algorithm']}" if envelope['algorithm'] != 'HMAC-SHA256'

          # now see if the signature is valid (digest, key, data)
          hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, client.secret, encoded_envelope.tr("-_", "+/"))
          raise 'SignedRequest: Invalid signature' if (signature != hmac)

          return envelope
        end