According to Facebook - Authentication within a Canvas Page Document, they say that we will be getting a signed_request
which consists a JSON object. Now they say that signed_request
can be get through $_POST['signed_request']
I agree its working for me.
Now according to them if the user is logged in i will be getting a JSON object value like this:-
{
"expires":UNIXTIME_WHEN_ACCESS_TOKEN_EXPIRES,
"algorithm":"HMAC-SHA256",
"issued_at":UNIXTIME_WHEN_REQUEST_WAS_ISSUED,
"oauth_token":"USER_ACCESS_TOKEN",
"user_id":"USER_ID",
"user":{
"country":"ISO_COUNTRY_CODE",
"locale":"ISO_LOCALE_CODE",
...
}
}
Now i want to fetch the user_id
out of this so i am using this piece of code but its not working:-
if(isset($_POST['signed_request']))
{
echo 'YES';
$json = $_POST['signed_request'];
$obj = json_decode($json);
print $obj->{'user_id'};
}
It just print the YES
. Why is it so?
I have read somewhere that without app authentication i will not be able to extract the user_id
but according to the facebook, this is the 1st step and authenticating the application would be 4th. I am new to it, if somebody can please help me, it will be of great help. Thanks.
If you don't want to work with the FB SDK you can use this snippet of code to get the user_id and other variables (snippet from https://developers.facebook.com/docs/facebook-login/using-login-with-games/)
function parse_signed_request($signed_request) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
// confirm the signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
Old post I know but wanted to add a reply to Art Geigel's answer (I can't comment directly on it).
Your code snippet is missing the line,
$secret = "appsecret"; // Use your app secret here
and the complete snippet,
function parse_signed_request($signed_request) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$secret = "appsecret"; // Use your app secret here
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
// confirm the signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
To answer the original question
To get data from the signed_request, include the functions above and...
$data = parse_signed_request($_POST['signed_request']);
echo '<pre>';
print_r($data);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With