bakedproject.com Blog Not just another WordPress weblog

15Sep/1010

User ID from Facebook application installed on profile tab

Facebook platform does not give direct access to the user ID through a (Ajax or http form)post from an application installed on a profile tab(mainly fan page, Facebook removing user's profile tab soon). So application installed on a profile tab can not record user activity, can not get the user to permit the application either.

But, using the new OAuth 2.0 for canvas pages, it is pretty easy and efficient. This feature could be activated from the applications advanced settings. Once activated the platform sends only one POST variable called signed_request. I found the following code on the developer's forum. This code can re-generate the viewing user ID. If the ID is not present, the user never provided(added) the application!

function parse_signed_request($signed_request, $secret) {
 list($encoded_sig, $payload) = explode('.', $signed_request, 2); 
 
 // decode the data
 $sig = $this->base64_url_decode($encoded_sig);
 $data = json_decode($this->base64_url_decode($payload), true);
 
 if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
  error_log('Unknown algorithm. Expected HMAC-SHA256');
  return null;
 }
 
 // check sig
 $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
 if ($sig !== $expected_sig) {
  error_log('Bad Signed JSON signature!');
  return null;
 }
 
 return $data;
}
 
function base64_url_decode($input) {
 return base64_decode(strtr($input, '-_', '+/'));
}

9Sep/100

Facebook.streamPublish behaviour with permission

The Facebook.streamPublish FBJS method publishes a post into the stream on the Wall of a user or a Facebook Page, group, or event connected to the user (but not to the Wall of an application profile page). This method fires up FBJS dialog popup window, well that is when the application has permission(user added the application). If the user never added the application, this method actually fires up a browser popup, 90s style!

Filed under: FBJS, Facebook No Comments