Facebook Data Deletion Request Callback with Django

Posted On September 7, 2018 Author : Shariful Islam Nayon

Facebook provide a way to delete a user details from our apps and systems. Some time we use facebook login app for django authentication and its work perfect. But if the user want to delete his facebook book permission from his/her account we should provide a deletion request callback otherwise facebook may deactivate our facebook login app. I get the idea from original doc https://developers.facebook.com/docs/apps/delete-data/

We follow some steps how to create and apply Data deletion request callback with django

Create a restfull django api url that facebook can send callback request
Api url insert in developer.facebook.com
Now delete app access from test facebook account check its work.

How to create Facebook Data Deletion Request Callback with Django api

In django api views.py file write below code

import base64
import hashlib
import hmac
from django.views.decorators.csrf import csrf_exempt
@method_decorator(csrf_exempt, name='dispatch')
class DataDeletionView(View):
    
    def post(self, request, *args, **kwargs):
        try:
            signed_request = request.POST['signed_request']
            encoded_sig, payload = signed_request.split('.')
        except (ValueError, KeyError):
            return HttpResponse(status=400, content='Invalid request')

        try:
            decoded_payload = base64.urlsafe_b64decode(payload + "==").decode('utf-8')
            decoded_payload = json.loads(decoded_payload)

            if type(decoded_payload) is not dict or 'user_id' not in decoded_payload.keys():
                return HttpResponse(status=400, content='Invalid payload data')

        except (ValueError, json.JSONDecodeError):
            return HttpResponse(status=400, content='Could not decode payload')

        try:
            secret = 'your own app secret key'

            sig = base64.urlsafe_b64decode(encoded_sig + "==")
            expected_sig = hmac.new(bytes(secret, 'utf-8'), bytes(payload, 'utf-8'), hashlib.sha256)
        except:
            return HttpResponse(status=400, content='Could not decode signature')

        if not hmac.compare_digest(expected_sig.digest(), sig):
            return HttpResponse(status=400, content='Invalid request')

        user_id = decoded_payload['user_id']

        try:
            # now you get facebook user id. you can delete its details from your database like below.
            user_account = FacebookUserModel.objects.filter(fb_userid=user_id).delete()
        except FacebookLoginDetails.DoesNotExist:
            return HttpResponse(status=200)

        # Own custom logic here

        return HttpResponse(status=200)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

import base64

import hashlib

import hmac

from django.views.decorators.csrf import csrf_exempt

@method_decorator(csrf_exempt, name='dispatch')

class DataDeletionView(View):

def post(self, request, *args, **kwargs):

try:

signed_request = request.POST['signed_request']

encoded_sig, payload = signed_request.split('.')

except (ValueError, KeyError):

return HttpResponse(status=400, content='Invalid request')

try:

decoded_payload = base64.urlsafe_b64decode(payload + "==").decode('utf-8')

decoded_payload = json.loads(decoded_payload)

if type(decoded_payload) is not dict or 'user_id' not in decoded_payload.keys():

return HttpResponse(status=400, content='Invalid payload data')

except (ValueError, json.JSONDecodeError):

return HttpResponse(status=400, content='Could not decode payload')

try:

secret = 'your own app secret key'

sig = base64.urlsafe_b64decode(encoded_sig + "==")

expected_sig = hmac.new(bytes(secret, 'utf-8'), bytes(payload, 'utf-8'), hashlib.sha256)

except:

return HttpResponse(status=400, content='Could not decode signature')

if not hmac.compare_digest(expected_sig.digest(), sig):

return HttpResponse(status=400, content='Invalid request')

user_id = decoded_payload['user_id']

try:

# now you get facebook user id. you can delete its details from your database like below.

user_account = FacebookUserModel.objects.filter(fb_userid=user_id).delete()

except FacebookLoginDetails.DoesNotExist:

return HttpResponse(status=200)

# Own custom logic here

return HttpResponse(status=200)

In urls.py file do this. Below django version 2

url(r'^deauthtication/$',DataDeletionView.as_view(), name="deauthtication")

1	url(r'^deauthtication/$',DataDeletionView.as_view(), name="deauthtication")

now build your call back url is like https://<websitename>.com/deauthtication

Second step:

Insert your https://<websitename>.com/deauthtication in developer.facebook.com app settings

facebook_deletion_callback

Third step:

Go to your demo facebook account and remove your app.

Note : facebook app required https://websitename it not allow http . I inspired to write this article from here https://stackoverflow.com/questions/48609148/handle-facebook-deauthorize-callback-in-python

Shariful Islam Nayon

I am a Senior Software Engineer. Experienced with Microservice Distributed system expert. Have the capability of handling billion over request services with highly scalable containerized backend with cutting edge technologies. I am available for Hire

6 Comments

scr888 free credit no deposit 2018 · September 7, 2018 at 4:42 pm

Good job!! can i share this in my blog ?

Sufiistic · January 7, 2019 at 5:24 am

Good man!

Stephenjearm · January 19, 2019 at 11:13 pm

Hi Look what we arrange an eye to you! exquisitepresent

Reagan · August 21, 2020 at 1:24 am

https://waterfallmagazine.com
These are actually great ideas in regarding blogging. You have touched some pleasant factors here.
Any way keep up wrinting.

My site … core java interview questions

Delila · September 4, 2020 at 1:29 pm

https://waterfallmagazine.com
Woah! I’m really loving the template/theme of this website.
It’s simple, yet effective. A lot of times it’s challenging to get that
“perfect balance” between superb usability and appearance.
I must say that you’ve done a great job with this.
Also, the blog loads extremely quick for me on Internet
explorer. Excellent Blog!

my blog javascript interview questions

Alejandro · October 16, 2020 at 10:06 pm

https://waterfallmagazine.com
I am extremely inspired with your writing skills as
smartly as with the format in your blog. Is that this a paid subject
or did you customize it your self? Either way stay up the excellent high quality writing, it is uncommon to look a great weblog like this one today..

Facebook Data Deletion Request Callback with Django

How to create Facebook Data Deletion Request Callback with Django api

Related Post

How to install python3.7.2 in Ubuntu 18.4

How to setup Django debug toolbar

Shariful Islam Nayon

6 Comments

scr888 free credit no deposit 2018 · September 7, 2018 at 4:42 pm

Sufiistic · January 7, 2019 at 5:24 am

Stephenjearm · January 19, 2019 at 11:13 pm

Reagan · August 21, 2020 at 1:24 am

Delila · September 4, 2020 at 1:29 pm

Alejandro · October 16, 2020 at 10:06 pm

Leave a Reply