All geek questions in one place

Facebook Connect: Intermittent: Bad JSON Signature

I am using a Facebook connection. Over 50% of registrations receive a "Bad Signed JSON" signature. error. What causes this problem and how is it fixed?

Here is the code:

function parse_signed_request($signed_request, $secret) { list($encoded_sig, $payload) = explode('.', $signed_request, 2); // decode the data $sig = base64_url_decode($encoded_sig); $data = json_decode(base64_url_decode($payload), true); if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') { error_log('Unknown algorithm. Expected HMAC-SHA256'); header('location: /volunteerregistration?error=Facebook has failed to connect. Unknown algorithm. Expected HMAC-SHA256 Please register with Omprakash below. '); exit; } // check sig $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); if ($sig !== $expected_sig) { error_log('Bad Signed JSON signature!'); header('location: /volunteerregistration?error=Facebook has failed to connect. Bad Signed JSON signature. Please register with Omprakash below.'); exit; } return $data; }

Thanks!

+4
source share
3 answers

the same problem was solved by checking the given app_secret on the api. I copied an invisible sign / symbol

+1
source

50% of the registrations you make with well-known good accounts .... or 50% of the registration on a website in the wild? If itโ€™s in the wild, I would suggest that it wasnโ€™t able to hack attempts ... trying to find sites that donโ€™t have additional verification $sig !== $expected_sig , as your secure site does. :)

0
source

I think this could happen because your Apache server does not support the CURL library. Open php.ini, find "; extension = php_curl.dll", and then remove ";" this means your php curl uncommented.

-1
source

Source: https://habr.com/ru/post/1388495/

More articles:


All Articles