I'm using the javascript sdk. In the documentation it says that you get the signed request from the response object that FB.getLoginStatus() returns when the users status = connected, but now I need to parse the signed request. How do I send it to the php page I have the parse code on? Do I include the php code on my canvas app index page and then send the signedRequest to the code on same page? Or keep the code on separate pages and pass the SR.
The first block of code is on my index.html page. It checks the login status and gets the signed request parameter from the response object.
The second block is php code facebook provides for parsing the signed request when you capture it via the registratiton plug in, but the plug in automatically sends the SR to this page when you provide its url as a parameter. In the canvas app I have to pass it myself. How do I do that?
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
// the user is logged in and has authenticated your
// app, and response.authResponse supplies
// the user's ID, a valid access token, a signed
// request, and the time the access token
// and signed request each expire
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
var signedRequest = response.authResponse.signedRequest;
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
} else {
// the user isn't logged in to Facebook.
}
});
<?php
define('FACEBOOK_APP_ID', '3*****88&'); // Place your App Id here
define('FACEBOOK_SECRET', '1345*****eb4f2da'); // Place your App Secret Here
// No need to change the function body
function parse_signed_request($signed_request, $secret)
{
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256')
{
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig)
{
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input)
{
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST)
{
$response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET);
}
$name = $response["registration"]["name"];
$email = $response["registration"]["email"];
$password = $response["registration"]["password"];
$uID = $response["user_id"];
?>
Expanding on Clay's Answer you could implement it something like this with jQuery.get():
var signed_request = getSignedRequest(), // however you do this..
url = "http://yoursite.com/phppage.php", // wherever your php code is
ajax = $.get(url, {signed_request: signed_request}); // initiate ajax call
// ajax success handler
ajax.done(function(ajaxResponse){
console.log(ajaxResponse);
});
Of course you'll need to grab that value in your PHP file
$signed_request = $_GET['signed_request'];
Send it to http://yoursite.com/phppage.php?signed_request={signed_request_from_js}
You can do so with jQuery.get()
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With