Is the Facebook canvas tutorial missing something?

Question

Possible Duplicate:
Why do I get an undefined index for signed_request in my facebook app?

I posted a question on the regular SO that is very similar but then found the facebook SO.

If I copy and paste this code from the facebook canvas tutorial page:

 <?php 

     $app_id = "YOUR_APP_ID";

     $canvas_page = "YOUR_CANVAS_PAGE_URL";

     $auth_url = "http://www.facebook.com/dialog/oauth?client_id=" 
            . $app_id . "&redirect_uri=" . urlencode($canvas_page);

     $signed_request = $_REQUEST["signed_request"];

     list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

     $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

     if (empty($data["user_id"])) {
            echo("<script> top.location.href='" . $auth_url . "'</script>");
     } else {
            echo ("Welcome User: " . $data["user_id"]);
     } 
 ?>

How can I ever get the signed_request if the $auth_url is never called? Or maybe I don't understand PHP. It creates the $auth_url but never goes and gets it, so $signed_request is never populated. What am I doing wrong?

EDIT: It is because I am stupid and was not accessing it via apps.facebook.com and instead going to http://mydomain.com...

FB.so is the same as SO. Try adding/removing facebook. from the beginning of the url. — bkaid, Sep 23 '11 at 20:51

score 0 · Answer 1 · answered Sep 23 '11 at 20:36

0

The key bit is here:

if (empty($data["user_id"])) {
            echo("<script> top.location.href='" . $auth_url . "'</script>");

That creates a script element that that directs the browser to load the auth_url if the user session is empty.

answered Sep 23 '11 at 20:36

steveax

17,527
6
44
59

score 0 · Answer 2 · answered Sep 23 '11 at 20:36

0

Are you sure you're browser isn't blocking that "top.location.href" javascript call? Try just echo/writeln the $auth_url for further inspection. If you could show us the "$auth_url" that it's retunring, that would/might help :)

answered Sep 23 '11 at 20:36

Weston Watson

5,344
6
24
25

score 0 · Answer 3 · answered Sep 23 '11 at 20:39

The '$auth_url' is only used to redirect the user in case he/she hasn't given permissions to your application.

The '$signed_request' is an encrypted data sent by facebook, the variable '$data' contains all this data decrypted as an associative array.

You don't need to care about '$signed_request' what you really need is in the '$data' variable which contains the user info that you probably will need.

Is the Facebook canvas tutorial missing something?

3 Answers3