diff --git a/open_facebook/api.py b/open_facebook/api.py
index b023e018..67385319 100644
--- a/open_facebook/api.py
+++ b/open_facebook/api.py
@@ -464,7 +464,7 @@ def parse_signed_data(cls, signed_request,
 and http://sunilarora.org/parsing-signedrequest-parameter-in-python-bas
 '''
- from open_facebook.utils import base64_url_decode_php_style
+ from open_facebook.utils import base64_url_decode_php_style, smart_str
 l = signed_request.split('.', 2)
 encoded_sig = l[0]
 payload = l[1]
@@ -472,7 +472,7 @@ def parse_signed_data(cls, signed_request,
 sig = base64_url_decode_php_style(encoded_sig)
 import hmac
 import hashlib
- data = json.loads(base64_url_decode_php_style(payload))
+ data = json.loads(base64_url_decode_php_style(payload).decode('utf-8'))
 algo = data.get('algorithm').upper()
 if algo != 'HMAC-SHA256':
@@ -482,10 +482,10 @@ def parse_signed_data(cls, signed_request,
 logger.error('Unknown algorithm')
 return None
 else:
- expected_sig = hmac.new(secret, msg=payload,
+ expected_sig = hmac.new(smart_str(secret), msg=smart_str(payload),
 digestmod=hashlib.sha256).digest()
- if sig != expected_sig:
+ if not hmac.compare_digest(sig, expected_sig):
 error_format = 'Signature %s didnt match the expected signature %s'
 error_message = error_format % (sig, expected_sig)
 send_warning(error_message)
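Review bot: The added `.decode('utf-8')` on the decoded payload introduces a new failure path for a malformed `signed_request`: a payload that is not valid UTF-8 now raises `UnicodeDecodeError` (and a non-JSON one `ValueError` from `json.loads`) before any signature check runs, and nothing in this hunk handles it, unlike the unknown-algorithm branch which returns `None`. Since `signed_request` is externally supplied, either wrap the decode and parse in `except (UnicodeDecodeError, ValueError): return None` or document in the docstring that callers must expect those exceptions. Note also that `data.get('algorithm').upper()` on the following context line is still evaluated on the not-yet-verified payload and raises `AttributeError` when the key is absent; that is pre-existing but sits on the same untrusted path. The body of parse_signed_data starts and continues outside this hunk.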
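Review bot: Switching to `hmac.compare_digest(sig, expected_sig)` is the right fix for the timing side channel, but the mismatch message two context lines below still formats `expected_sig` — the correct HMAC for the attacker-supplied payload — into `error_message` and passes it to `send_warning`, so whoever can read that warning channel learns a valid signature for that payload; drop it from the message, e.g. `error_format = 'Signature %r didnt match the expected signature'` and `error_message = error_format % (sig,)`. `compare_digest` also requires both operands to be the same type (both `bytes` or both ASCII `str`); `expected_sig` is `bytes` from `.digest()`, and `sig` is presumably `bytes` given the `.decode('utf-8')` the previous hunk needed on the payload, but that depends on `base64_url_decode_php_style` and is worth a comment such as `# constant-time compare; both sides must be bytes`. Likewise `hmac.new` needs a `bytes` key and message, so this relies on `smart_str` returning `bytes` rather than `str` — confirm against its definition in open_facebook.utils. The enclosing function starts before this hunk.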