Logo Questions Linux Laravel Mysql Ubuntu Git Menu

In facebook canvas app where do I send the signed request parameter once I've captured it in log in

I'm using the javascript sdk. In the documentation it says that you get the signed request from the response object that FB.getLoginStatus() returns when the users status = connected, but now I need to parse the signed request. How do I send it to the php page I have the parse code on? Do I include the php code on my canvas app index page and then send the signedRequest to the code on same page? Or keep the code on separate pages and pass the SR.

The first block of code is on my index.html page. It checks the login status and gets the signed request parameter from the response object.

The second block is php code facebook provides for parsing the signed request when you capture it via the registratiton plug in, but the plug in automatically sends the SR to this page when you provide its url as a parameter. In the canvas app I have to pass it myself. How do I do that?


FB.getLoginStatus(function(response) {
  if (response.status === 'connected') {

    // the user is logged in and has authenticated your
    // app, and response.authResponse supplies
    // the user's ID, a valid access token, a signed
    // request, and the time the access token 
    // and signed request each expire

    var uid = response.authResponse.userID;
    var accessToken = response.authResponse.accessToken;    
    var signedRequest = response.authResponse.signedRequest;

  } else if (response.status === 'not_authorized') {
    // the user is logged in to Facebook, 

  } else {
    // the user isn't logged in to Facebook.

PHP page

define('FACEBOOK_APP_ID', '3*****88&'); // Place your App Id here
define('FACEBOOK_SECRET', '1345*****eb4f2da'); // Place your App Secret Here

// No need to change the function body
function parse_signed_request($signed_request, $secret) 
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256')
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) 
        error_log('Bad Signed JSON signature!');
        return null;
    return $data;

function base64_url_decode($input) 
    return base64_decode(strtr($input, '-_', '+/'));

if ($_REQUEST) 
    $response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET);

$name = $response["registration"]["name"]; 
$email = $response["registration"]["email"]; 
$password = $response["registration"]["password"];
$uID = $response["user_id"];

like image 319
Spilot Avatar asked Mar 24 '23 04:03


2 Answers

Expanding on Clay's Answer you could implement it something like this with jQuery.get():

var signed_request = getSignedRequest(), // however you do this..
    url = "http://yoursite.com/phppage.php", // wherever your php code is
    ajax = $.get(url, {signed_request: signed_request}); // initiate ajax call

// ajax success handler

Of course you'll need to grab that value in your PHP file

$signed_request = $_GET['signed_request'];
like image 112
Zach Lysobey Avatar answered Apr 06 '23 07:04

Zach Lysobey

Send it to http://yoursite.com/phppage.php?signed_request={signed_request_from_js}

You can do so with jQuery.get()

like image 38
Clay Freeman Avatar answered Apr 06 '23 08:04

Clay Freeman