PHP SDK Demystified – What is Signed Request?

In the last article, “PHP SDK Demystified – A Closer Look at the getSession() Call”, we learnt how the PHP SDK tries to build or load the session.

At that time, we touched on the “Signed Request”. If you want to know more about signed requests, take a look at the Facebook documentation here.

Quoting from that doc:

When you are writing a Facebook canvas application, you often need information from Facebook such as which user is logged in to your application or whose profile the user is viewing. Facebook sends you this information as a JSON object encoded in the signed_request parameter as follows:

  • user
    A JSON array containing the locale and country of the current user. The locale and country are always available.
  • user_id
    The Facebook user identifier (UID) of the current user. The user_id is only available after the user authorizes your application.
  • profile_id
    Contains the Page ID if your app is loaded in a Page tab. Only available if your app is loaded in a Page tab.
  • algorithm
    The mechanism used to sign the request. Always available.
  • issued_at
    The Unix timestamp when the request was signed. Always available.
  • oauth_token
    An opaque string that you can pass to the Graph API or the Legacy REST API. Available when the user has authorized your application.
  • expires
    The Unix timestamp when the oauth_token expires. Available when the user has authorized your application.

If the user has not yet authorized your application, your application will only be passed a subset of the above information. If the signed_request does not contain the user_id parameter, you should prompt the user to authorize your app. You can use one of several different ways to handle authorization, ranging from the Login Button to manually performing the OAuth 2.0 flow on your Web server.

The sample PHP code there is actually part of the PHP SDK!

After reading that documentation, open the source code of the PHP SDK and go through the functions getSignedRequest() and parseSignedRequest().
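An added example, not the SDK's own source, of verifying and decoding a signed_request before trusting any of the fields listed above. It assumes the format is `<base64url signature>.<base64url JSON payload>` signed with HMAC-SHA256 under the application secret; the function names, the secret and the sample payload are made up for the demonstration.

```php
<?php
// Added example. Assumed format: "<base64url signature>.<base64url JSON payload>",
// signed with HMAC-SHA256 keyed by the application secret.

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): ?string {
    $s = strtr($s, '-_', '+/');
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4);   // restore stripped padding
    $raw = base64_decode($s, true);                     // strict: reject stray characters
    return $raw === false ? null : $raw;
}

function verify_signed_request(string $signedRequest, string $appSecret): ?array {
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;                                    // no separator
    }
    [$encodedSig, $payload] = $parts;
    $sig  = b64url_decode($encodedSig);
    $json = b64url_decode($payload);
    if ($sig === null || $json === null) {
        return null;
    }
    $data = json_decode($json, true);
    $alg  = is_array($data) ? ($data['algorithm'] ?? null) : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;                                    // never trust an unexpected algorithm
    }
    // The MAC covers the payload exactly as received (still base64url-encoded).
    $expected = hash_hmac('sha256', $payload, $appSecret, true);
    return hash_equals($expected, $sig) ? $data : null; // constant-time comparison
}

// Constructed sample: the secret and payload are made up for this demo.
$secret  = 'example-app-secret';
$payload = b64url_encode(json_encode([
    'algorithm' => 'HMAC-SHA256', 'issued_at' => 1300000000,
    'user' => ['locale' => 'en_US', 'country' => 'hk'],
]));
$token = b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
$data = verify_signed_request($token, $secret);
echo isset($data['user_id']) ? "authorized\n" : "valid, no user_id: prompt for authorization\n";

// A payload altered after signing no longer matches the signature and is rejected.
$altered = b64url_encode('{"algorithm":"HMAC-SHA256","user_id":"1"}');
var_dump(verify_signed_request(explode('.', $token)[0] . '.' . $altered, $secret));
```

In a real handler the secret comes from the application's configuration, and `issued_at` can be compared against the current time to reject stale requests.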

About takwing

A moderator of the Official Facebook Developer Forum. http://www.takwing.idv.hk/tech/fb_dev/index.php

6 Responses to PHP SDK Demystified – What is Signed Request?

  1. Hi! I like your article. I will post it on my Facebook. Visit my blog! Looking forward to reading the next one in the near future.

  2. Found this on Bing and I’m glad I did. Interesting article.

  3. Vig Rx says:

    It’s arduous to search out knowledgeable folks on this topic, but you sound like you recognize what you’re talking about! Thanks

  4. Cialis says:

    I’m impressed, I must say. Really hardly ever do I encounter a weblog that’s each educative and entertaining, and let me inform you, you may have hit the nail on the head. Your concept is outstanding; the issue is something that not sufficient individuals are talking intelligently about. I am very happy that I stumbled across this in my search for something referring to this.

  5. Thanks for sharing this great post, it helps a lot. =)

  6. Thank you!! Very grateful for the help…
