// To secure Facebook Graph API requests:
// - Create a SHA256 hash of your App's Access Token using the App's 'Secret' as the key
// - The hashed value then needs to be added to an 'appsecret_proof' parameter on each Graph API call request
// - Toggle 'Require App Secret' to 'ON' in App dashboard Developer Portal
// Require 'crypto' package as part of Node
const crypto = require('crypto');
// Create HMAC object:
// - Algorithim: 'SHA256'
// - Key: Facebook App Secret
const hmac = crypto.createHmac('sha256', config.FB_appSecret);
// Provide HMAC Facebook Access Token as content to be hashed
hmac.update('config.FB_accessToken');
// Calculate HMAC digest with hexadecimal encoding and log to console
// In production you would store the output, not log it to console
console.log(hmac.digest('hex'));