facebook $facebook->getSignedRequest(); error
i am placing the right app id and secret key and im calling facebook.php the right way. I get no errors or warnings, just that the script doesn’t work. $like_status doesn’t return anything did the script changed? is there another version? thanks edit. more code:
$app_id, 'secret' => $app_secret, 'cookie' => true )); $signed_request = $facebook->getSignedRequest(); $like_status = $signed_request["page"]["liked"]; echo "
like status = $like_status"; ?> I might have found a solution (I add this problem too!), see my answer. Tested it right now and I’m also getting a signed request even if I’m not logged on facebook. Woohoo!
just to let you know i my case i had to use $like_status = $signed_request[«page»]->liked; . don’t know why i have an array/object ??
6 Answers 6
I had similar problem a while ago — the solution was to specify full url for tab or/and canvas page to receive signed request.
Didn’t work for me unfortunately, I’m wondering if there’s an issue with Facebook forcing https now. On my side I’m redirecting back to http.
This is why you lose the signed request. Your redirection should be to blah/url/?signed_request=$_REQUEST[‘signed_request’] (you might need to URLencode it). I’ve added an answer explaining that. HTH
Facebook sends the signed request to your page when it is called from facebook.
$signed_request = $_REQUEST["signed_request"]; list($encoded_sig, $payload) = explode('.', $signed_request, 2); $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true); $facebook->getSignedRequest(); does that for you. If it isn’t working, this likely won’t work either.
$_REQUEST[‘signed_request’] could be empty if your canvas (or page tab) URL is not the final one and redirects to some other URL because Facebook posts the signed request only once. When redirecting, the posted value is lost.
If you have some control over the redirection, then add ?signed_request=$_REQUEST[‘signed_request’] to your redirected URL (you might also need to pass other custom GET parameters)
- what is the version of facebook php sdk?
- check access_log and error_log in your web server
- have you some missing «;» ?
Not sure whats wrong here, but here is a basic page that it will work on. Make sure that the latest version of facebook.php and base_facebook.php is in the same directory. You can find the sdk here: https://github.com/facebook/php-sdk Allso remember to put in your app id and secret where you se all the 111111111111111’s
$app_id, 'secret' => $app_secret, 'cookie' => true )); $signed_request = $facebook->getSignedRequest(); $page_id = $signed_request["page"]["id"]; $page_admin = $signed_request["page"]["admin"]; $like_status = $signed_request["page"]["liked"]; $country = $signed_request["user"]["country"]; $locale = $signed_request["user"]["locale"]; ?> In facebook canvas app where do I send the signed request parameter once I've captured it in log in
I'm using the javascript sdk. In the documentation it says that you get the signed request from the response object that FB.getLoginStatus() returns when the users status = connected, but now I need to parse the signed request. How do I send it to the php page I have the parse code on? Do I include the php code on my canvas app index page and then send the signedRequest to the code on same page? Or keep the code on separate pages and pass the SR. The first block of code is on my index.html page. It checks the login status and gets the signed request parameter from the response object. The second block is php code facebook provides for parsing the signed request when you capture it via the registratiton plug in, but the plug in automatically sends the SR to this page when you provide its url as a parameter. In the canvas app I have to pass it myself. How do I do that?
JavaScript
FB.getLoginStatus(function(response) < if (response.status === 'connected') < // the user is logged in and has authenticated your // app, and response.authResponse supplies // the user's ID, a valid access token, a signed // request, and the time the access token // and signed request each expire var uid = response.authResponse.userID; var accessToken = response.authResponse.accessToken; var signedRequest = response.authResponse.signedRequest; >else if (response.status === 'not_authorized') < // the user is logged in to Facebook, >else < // the user isn't logged in to Facebook. >>); PHP page
// check sig $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); if ($sig !== $expected_sig) < error_log('Bad Signed JSON signature!'); return null; >return $data; > function base64_url_decode($input) < return base64_decode(strtr($input, '-_', '+/')); >if ($_REQUEST) < $response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET); >$name = $response["registration"]["name"]; $email = $response["registration"]["email"]; $password = $response["registration"]["password"]; $uID = $response["user_id"]; ?> Saving Facebooks signed_request?
The situation
I am playing around with the new Facebook iFrame tabs on pages. I am using the signed_request to get some facts about the app, the page and the user. To challenge
Facebook provides the signed_request params via $_REQUEST only on the first call of the iframe. The problem is to access the parms a second time e.g. for an ajax request. This is how i did it
I extended the PHP SDK like this to store the signed_request in a cookie.
/** * The name of the Cookie that contains the session. * @return String the cookie name */ protected function getSessionSignedRequestCookieName() < return 'fbs_sr_' . $this->getAppId(); > /** * Saves the signed_request as a browser coookie * @return void; */ protected function saveSignedRequestAsCookie($signedRequest) < $cookieName = $this->getSessionSignedRequestCookieName(); setcookie($cookieName, serialize($signedRequest)); > /** * Returns the SigndRequest from $_COOKIE * @return array */ public function getSignedRequestFromCookie() < $cookieName = $this->getSessionSignedRequestCookieName(); if(isset($_COOKIE[$cookieName])) < $this->signedRequest = $_COOKIE[$cookieName]; return unserialize($this->signedRequest); > else < return NULL; >> /** * Returns the data from a signed_request token provided by $_REQUEST or $_SESSION * @return array The decoede signed Request */ public function getSignedRequest() < $signedRequest = parent::getSignedRequest(); if($signedRequest != NULL) < $this->saveSignedRequestAsCookie($signedRequest); return $signedRequest; > else < return $this->getSignedRequestFromCookie(); > > Hi, I like your piece of code. I used it to get the signed request. But I get this error: Fatal error: Cannot access parent:: when current class scope has no parent in Any idea why? Thanks Dibs
erikaheidi / facebook_signed_request.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| function parse_signed_request($signed_request, $secret) |
| list($encoded_sig, $payload) = explode('.', $signed_request, 2); |
| // decode the data |
| $sig = base64_url_decode($encoded_sig); |
| $data = json_decode(base64_url_decode($payload), true); |
| if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') |
| error_log('Unknown algorithm. Expected HMAC-SHA256'); |
| return null; |
| > |
| // check sig |
| $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); |
| if ($sig !== $expected_sig) |
| error_log('Bad Signed JSON signature!'); |
| return null; |
| > |
| return $data; |
| > |
| function base64_url_decode($input) |
| return base64_decode(strtr($input, '-_', '+/')); |
| > |
| /* working code using the functions bellow */ |
| if(!empty($_REQUEST["signed_request"])) |
| $data = parse_signed_request($_REQUEST["signed_request"], "YOUR_APP_SECRET"); |
| print_r($data); |
| if (!empty($data["page"]["liked"])) |
| /* do whatever you want to do here for users who liked your page, like showing special content */ |
| echo "Thanks for liking our fan page!"; |
| > |
| > |