Reputation: 3118
Facebook decoded signed_request contains extra data which isn't mentioned in the documentation
I have a Facebook signed_request which is received by subscribing to the auth.login event and after the user logs in using the facebook login button
After I decode the signed_request I have the following information in it:
{'issued_at': 1318492701,
'code': 'AQCXI5aiyYtYLFNtkYhtKwDhO02lP[truncated]',
'user_id': '100000xxxxxxxxx',
'algorithm': 'HMAC-SHA256'}
I cannot find in the signed_request documentation. What is this code and what's its use?
I thought it might be used to obtain an authorization code as stated in this thread but along with the signed_request I also receive an access token for the user in the response from the login event.
Upvotes: 5
Views: 1215
Answers (4)
Reputation: 1598
This is the signed_request from the JavaScript SDK, right? The code is used by the SDK but isn't for the Server-side Authentication. Actually, we will update the documentation to reflect the signed_request behaviors.
Upvotes: 1
Reputation: 1464
You have to visit this facebook offical doc and read "signed_request Parameter" and its below text for the code which you get after decoding signed_request
Upvotes: 0
Reputation: 1289
that code is useful to get information about users who installed your app
but anyway tell me which information is needed for you then i can give you sample code
well, if you check your posted code again you see you have user id so you do not need to use access token for this
but anyway for getting basic information & any other information or posting & deleting you have two ways :
first:do it directly (no need to sdk,but harder) second: via sdk (its easy) i recommend to you to use sdk & if your server side programming language is PHP you can do this for getting basic information
<?php
include_once ('src/facebook.php');/// include sdk
////// config The sdk
@ $facebook = new Facebook(array(
'appId' => '*************',
'secret' => '*****************',
));
$user=$facebook->api('me','GET');
echo '<pre>';
print_r($user);
echo '</pre>';
?>
for downloading download php sdk
https://developers.facebook.com/docs/reference/php/
Upvotes: 1
Reputation: 4348
I don't know why they don't mention use of the code on the documentation page for signed requests. The code can be exchanged for an access token that is the key to making any subsequent Facebook API requests.
Relevant documentation is here: https://developers.facebook.com/docs/authentication/
With this code in hand, you can proceed to the next step, app authentication, to gain the access token you need to make API calls.
In order to authenticate your app, you must pass the authorization code and your app secret to the Graph API token endpoint - along with the exact same redirect_uri used above - at https://graph.facebook.com/oauth/access_token. The app secret is available from the Developer App and should not be shared with anyone or embedded in any code that you will distribute (you should use the client-side flow for these scenarios).
Upvotes: 2
Related Questions
- Decode Facebook signed request using Javascript
- Facebook signed request decoding hash does not appear to match exactly
- Facebook graph API 2.1 signed request values
- Facebook signed_request Invalid
- Incomplete signed request json string?
- ASP.NET [Facebook API] - Reading a signed_request (only given in docs as PHP)
- Can't parse signed_request for Facebook registration form
- Caching Facebook tabs and decrypting the signed_request
- Why FB sends code param when it sends signed_request too after user athorization?
- Why Facebook token is different in signed_request and in app settings?