Add token verification

masnun · May 30, 2016 · dfde73b · dfde73b
1 parent 2933b5c
commit dfde73b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -27,6 +27,7 @@ You shall see the url for your local server. Something like: `https://6cecffb8.n
 * Create a Facebook App.
 * Add the `Messenger` Product.
 * Enable webhooks. Use the above URL as the callback webhook URL. 
+*  Edit `server.py` and update the `VERIFY_TOKEN` with the token you set.
 * Once the callback is verified, subscribe the app to one of your pages. 
 * Also generate a page access token for that page. 
 *  Edit `server.py` and update the `ACCESS_TOKEN` with the new token we got.

diff --git a/server.py b/server.py
@@ -3,8 +3,8 @@
 
 app = Flask(__name__)
 
-ACCESS_TOKEN = "EAAPOM5FJjzABALnc3PZBf6CVQgkPvWGuVY8hMaqHZCdmeQc3WRhUwa9uaCGpEBdhSXCd6QHR08ahHICNNMSduy2ZCKgPMAuh8zetXvb0ZCjHERgenWPYQeRlFZAQPVZAeETQrFxMPHhCEsoZCj8HvzoCgUJkGK8qr4ZD"
-
+ACCESS_TOKEN = ""
+VERIFY_TOKEN = ""
 
 def reply(user_id, msg):
     data = {
@@ -17,10 +17,13 @@ def reply(user_id, msg):
 
 @app.route('/', methods=['GET'])
 def handle_verification():
-    return request.args['hub.challenge']
+    if request.args['hub.verify_token'] == VERIFY_TOKEN:
+        return request.args['hub.challenge']
+    else:
+        return "Invalid verification token"
 
 
-@app.route('/', methods=['POST', 'GET'])
+@app.route('/', methods=['POST'])
 def handle_incoming_messages():
     data = request.json
     sender = data['entry'][0]['messaging'][0]['sender']['id']