Blog Not just another WordPress weblog


User ID from Facebook application installed on profile tab

Facebook platform does not give direct access to the user ID through a (Ajax or http form)post from an application installed on a profile tab(mainly fan page, Facebook removing user's profile tab soon). So application installed on a profile tab can not record user activity, can not get the user to permit the application either.

But, using the new OAuth 2.0 for canvas pages, it is pretty easy and efficient. This feature could be activated from the applications advanced settings. Once activated the platform sends only one POST variable called signed_request. I found the following code on the developer's forum. This code can re-generate the viewing user ID. If the ID is not present, the user never provided(added) the application!

function parse_signed_request($signed_request, $secret) {
 list($encoded_sig, $payload) = explode('.', $signed_request, 2); 
 // decode the data
 $sig = $this->base64_url_decode($encoded_sig);
 $data = json_decode($this->base64_url_decode($payload), true);
 if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
  error_log('Unknown algorithm. Expected HMAC-SHA256');
  return null;
 // check sig
 $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
 if ($sig !== $expected_sig) {
  error_log('Bad Signed JSON signature!');
  return null;
 return $data;
function base64_url_decode($input) {
 return base64_decode(strtr($input, '-_', '+/'));

Comments (10) Trackbacks (0)
  1. did you try this? my application tab does not work anymore if i activate the “OAuth 2.0 for Canvas (beta)” option in the app settings (without any other change), it just shows the preloader animation forever.
    is there any other way to get the user id and the name of the user on a profile tab? i read that the user has to interact once to get his id, but how exactly does it work?

  2. You may get them to “Like” your page first. I am pretty sure you know about this, but try echo “"; print_r($_REQUEST); echo ""; and see what exactly Facebook is posting to your canvas page.

  3. A few comments:

    First references to $this->base64_url_decode should just be base64_url_decode

    Secondly, it DOES NOT provide the uid of the user on a page tab. Since profile tabs are going away, getting the uid on the page tab would be awesome, but it is not available.

    Facebook does not reveal the uid unless you are viewing an application. Annoying, but I hope this stops you spending hours looking for a solution that currently does not exist.

  4. Yeah you are right Michael! But this was part of my CI controller and I forgot to take off the $this reference! Thanks for pointing that out.

  5. This does nothing but give you .. [fb_sig_profile_user] which is readily accessible via the $_REQUEST vars.

  6. when i run this code i show me this error syntax error, unexpected T_FUNCTION


    where i can found the secret key

    can i help me


  7. This article is a complete red herring I’m afraid. Facebook keep secret the identity of users viewing your tabs, unless they interact with them. Until then, all you will get is information about the application running in the tab.

  8. I create a tab which is ( ADMINS ONLY ) in this tab i add comment box , now what i want to do that only admin or selected user can post there comment in the box.

    please tell me the FBML code.

    Please please please.

  9. The signed Request only returns the page’s information and not the viewing user’s information. So far it appears that this is no longer possible in FBML apps. Start migrating to IFRAME Profile Tabs!

  10. Hi,
    Please help to find user id on fan page tab. I parsed the signed request but it is providing only page information and page profile id etc. How can i find the user id. Please help me. I have added the tab through FBML application.

Leave a comment


No trackbacks yet.