All geek questions in one place

Facebook app - get signed_request with JavaScript

I have a FaceBook app.

Is there a way to get signed_request with JavaScript?

With PHP it looks like this: $_REQUEST['signed_request'] , but I can't use php.

+6
source share
3 answers

In the FB JavaScript SDK, you can use FB.getLoginStatus to get a signed request.

That is, if the user logs into your application / website.

If you cannot call the FB.login method.

Link: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/

NEXT TO YOUR COMMENT:

Hi,

I think you should try recording the response to the console.

Answer. The state must be equal to "connected" if the user is logged in. It will always return true, since the value will be returned in this response parameter.

The magazine will look like this

 { status: 'connected', authResponse: { accessToken: '...', expiresIn:'...', signedRequest:'...', userID:'...' } }

To check what happens, try the following:

 if(response.status == 'connected'){ // user is logged and signed_request is accessible // with response.authResponse.signedRequest }else{ // user not logged in, request them to login FB.login(function(response){ ... }); }
+2
source

From the Facebook documentation :

The signed request is sent via HTTP POST to the URL specified as your canvas URL in the application bar.

[emphasis author]

You cannot directly get POST data via JavaScript:

POST data must be received by the server . As a conclusion, the browser does not provide access to this data, accepting a server that displays data in the client code. Related question: How to read POST request parameters using JavaScript

Now why is this so? I believe the reason is safe . Imagine that you are sending a password in a POST request to your server and some kind of malicious JavaScript plugin that you use in your application to read this data and send it to your own malicious server. It would be nice.

In your case, the POST data, including signed_request , is sent to your application via HTTP POST via Facebook, requesting your application page via the Canvas URL specified in the application panel or through the redirect URL that you specified using the Registration Plugin . You can access it through FB.getLoginStatus . Prerequisites are: you either use the canvas application (you are inside Facebook with the page tab or the Canvas application), or the Registration Plugin . Be sure to select the status at the specified URL. Related Questions: How to send message in iframe? and getSignedRequest is null if not on the tab

Also try calling FB.getLoginStatus with the second parameter set to true in order to force switching to Facebook - effectively update the cache of the response object and solve problems with users who have logged in (or from) Facebook, since the last full session or uninstallation of the application in the settings account:

 FB.getLoginStatus(function(response) { // this will be called when the roundtrip to Facebook has completed }, true);

Also check this question - it can help: Facebook signed iframe request is always empty

+2
source

Getting a signed request using javascript from facebook is different from the value in $ _REQUEST ['signed_request']

what you can do is save $ _REQUEST ['signed_request'] into a javascript variable and pass it through ajax to php.

eg

 var signedRequest = <?php echo $_REQUEST['signed_request'] ?>

// then run the jsonp request.

you can use my service though if you want.

HOW TO USE: just run jsonp request on this

 https://websta.me/fbappservice/parseSignedRequest/<append signed request here>

if success returns something like this

 { "algorithm": "HMAC-SHA256", "issued_at": xxxxx, "page": { "id": "xxxxxxx", "admin": true, "liked": false }, "user": { "country": "jp", "locale": "en_US", "age": { "min": xx } }

if it fails:

 Bad signed Json Signature

happy coding !!

0
source

Source: https://habr.com/ru/post/902590/

More articles:


All Articles