|
||||||||
PHP to perform authenticationNOTE: The signed_request parameter is utilized to share information between Facebook and app in a number of different scenarios:
The signed_request parameter is the concatenation of a HMAC SHA-256 signature string, a period (.), and a base64url encoded JSON object. It looks something like this (without the newlines): vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso . eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0 NOTE: Because of the way that we currently load iframes for Apps on Facebook.com, it is important that you navigate the top window of the user's browser to the OAuth Dialog. Many apps do this by sending a script fragment to the user's browser setting the top.location.href property to the dialog URL. Please see the PHP example at the end of this section for an example. Here is some code to do "authentication" via access of the signed_request parameter and prompt the user to authorize your app: <?php $app_id = "YOUR_APP_ID"; $canvas_page = "YOUR_CANVAS_PAGE_URL"; $auth_url = "http://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . urlencode($canvas_page); $signed_request = $_REQUEST["signed_request"]; // this will be passed automatically (see above) to list($encoded_sig, $payload) = explode('.', $signed_request, 2); $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true); if (empty($data["user_id"])) { // if no data given about user in signed_request info then ask user // facebook will return to the canvas_page as a "call back " url |
||||||||
© Lynne Grewe |