I'm using facebook php sdk 3.1.1 and the current version of the facebook JS sdk. Our users are not reporting errors, but I'm seeing a ton of error log messages like this:
Unknown algorithm. Expected HMAC-SHA256
I see from the source that the error is triggered when reading a signed request with the wrong encoding encoding algorithm, but I'm not sure why that would be, as all signed requests should be generated by the facebook JS code.
Anyone seen this behavior? Any idea how bad a thing this is, or whether it's really indicative of errors? I have been unable to replicate it on demand.
Try logging some of the signed_request
parameters to inspect them manually. For instance, you could change the log line in Base_Facebook::parseSignedRequest
to this:
self::errorLog('Unknown algorithm. Expected HMAC-SHA256, request='.$signed_request);
Once you have a few of these logged, decode them manually or paste them at the end of this URL:
https://developers.facebook.com/tools/echo?signed_request=
Check what algorithm is specified in the payload or whether the data is malformed in some way. If you share the results here, make sure to omit private data like the access token value.
You might also want to check your web server access logs. For starters, look for GET requests with a signed_request
query parameter that occurred around the same time as those entries in your error logs.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With