PHP to perform authentication

CLICK HERE FOR EXAMPLE

NOTE: The signed_request parameter is utilized to share information between Facebook and app in a number of different scenarios:

• A signed_request is passed to Apps on Facebook.com when they are loaded into the Facebook environment
• A signed_request is passed to any app that has registered an Deauthorized Callback in the Developer App whenever a given user removes the app using the App Dashboard
• A signed_request is passed to apps that use the Registration Plugin whenever a user successfully registers with their app

The signed_request parameter is the concatenation of a HMAC SHA-256 signature string, a period (.), and a base64url encoded JSON object. It looks something like this (without the newlines):

vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso  
.  
eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0  

<?php

     $app_id = "YOUR_APP_ID";

     $canvas_page = "YOUR_CANVAS_PAGE_URL";

     $auth_url = "http://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . urlencode($canvas_page);

     $signed_request = $_REQUEST["signed_request"]; // this will be passed automatically (see above) to
                                                                                     // your app when user invokes

     list($encoded_sig, $payload) = explode('.', $signed_request, 2);

     $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

     if (empty($data["user_id"])) { // if no data given about user in signed_request info then ask user
                                                  // to authorize your app to get it

              // facebook will return to the canvas_page as a "call back " url
             //and pass the new signed_request
            echo("<script> top.location.href='" . $auth_url . "'</script>");
     } else {
            echo ("Welcome User: " . $data["user_id"]);
     }
 ?>