We are using the Facebook JavaScript SDK to authenticate our users.
Once a user authenticates, the user gets a fbsr_<app_id> cookie containing a signed request.
We then use AJAX to post some information to our server. The server receives the cookie with the signed request, but when the server parses the signed request (modified Python SDK) in the cookie, it decodes the JSON object as:
    {
        "algorithm": "HMAC-SHA256",
        "code": "2.AQDBJ3-ZpURb9P4T.3600.1316037600.1-786359552|BNK6FGOAkvMs7slboQMSIEJYDWc",
        "issued_at": 1316031333,
        "user_id": "786359552"
    }
This is contrary to what the signed request documentation says we should get.
The server needs the access token, so it can get some additional information with the Graph API.
How do we get the access token from the signed request?
To get the API token for a user, an HTTP POST request should be sent to the Token resource. In the post body, username and password are specified in JSON format, and the response body contains a token key with an actual API Token as the value.
Using the new OAuth2 workflow with the JavaScript SDK, the user token will be available.
After you authenticate, you can find the token with something like this:
    FB.getLoginStatus(function(response) {
        if (response.status === 'connected') {
            alert(response.authResponse.accessToken);
        }
    });
Once you have the token you can just pass that back to your backend to query the graph.
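Server-side handling of the fbsr_<app_id> cookie value from the question, as an added example that is not part of the original posts or of any Facebook SDK. It assumes the documented `<signature>.<payload>` layout (both parts base64url, the HMAC-SHA256 computed over the encoded payload with the app secret); the function names, secret and payload values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SAMPLE_SECRET = "constructed-app-secret"  # constructed, not a real secret
SAMPLE_PAYLOAD = {"algorithm": "HMAC-SHA256", "code": "constructed-code",
                  "issued_at": 1300000000, "user_id": "1000"}  # constructed


def b64url_decode(part: str) -> bytes:
    """Decode base64url text whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def parse_signed_request(signed_request: str, app_secret: str) -> dict:
    """Return the payload only if its HMAC-SHA256 signature verifies."""
    try:
        sig_part, payload_part = signed_request.split(".", 1)
        signature = b64url_decode(sig_part)
        payload = json.loads(b64url_decode(payload_part))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("malformed signed request") from exc
    if not isinstance(payload, dict):
        raise ValueError("malformed signed request")
    # Pin the algorithm; never let the payload choose how it is verified.
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    # The MAC covers the encoded payload text exactly as received.
    expected = hmac.new(app_secret.encode(), payload_part.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("bad signature")
    return payload


def make_signed_request(payload: dict, app_secret: str) -> str:
    """Build a constructed sample cookie value for the demo below."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    mac = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode() + "." + body


if __name__ == "__main__":
    cookie = make_signed_request(SAMPLE_PAYLOAD, SAMPLE_SECRET)
    claims = parse_signed_request(cookie, SAMPLE_SECRET)
    # As in the question, the verified payload carries "code", not a token.
    print(claims["user_id"], "access_token" in claims)
```

Only after the signature verifies should the server trust `user_id` or any other field of the payload.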