Golang Base64签名验证VS CryptoJS

"error: illegal base64 data at input byte 40"

// Node.js exampe (code copied from Facebook Instant game SDK example)
const CryptoJS = require('crypto-js');
var firstpart = signedRequest.split('.')[0];
firstpart = firstpart.replace(/-/g, '+').replace(/_/g, '/');
const signature = CryptoJS.enc.Base64.parse(firstpart).toString(); // <-- fail here
const dataHash = CryptoJS.HmacSHA256(signedRequest.split('.')[1], '<APP_SECRET>').toString();
var isValid = signature === dataHash;
const json = CryptoJS.enc.Base64.parse(signedRequest.split('.')[1]).toString(CryptoJS.enc.Utf8);
const data = JSON.parse(json);

上面的代码是Facebook的示例代码，下面的代码（如下）是我写的。

    parts := strings.Split(signedRequest, ".")
    firstPart := parts[0]
    replaced := strings.Replace(firstPart, "-", "+", -1)
    replaced = strings.Replace(replaced, "_", "/", -1)

    signatureByte, err := base64.StdEncoding.DecodeString(replaced) // <-- ERROR here
    if err != nil {
        fmt.Println("error:", err)
        return false, err
    }
    signature := string(signatureByte)

    dataHash := createHmacSHA256(parts[1], "<APP_SECRET>") // TODO: not sure, to string or hex string?

    isValid := signature == dataHash
    if isValid {
        return true, nil
    }