5

根据Facebook - Authentication within a Canvas Page Document,他们说我们将得到一个由一个JSON对象组成的signed_request。现在他们说signed_request可以通过$_POST['signed_request']我同意它为我工作。如何阅读Facebook的signed_request获取user_id

现在根据他们,如果用户登录我会得到这样一个JSON对象值: -

{ 
    "expires":UNIXTIME_WHEN_ACCESS_TOKEN_EXPIRES, 
    "algorithm":"HMAC-SHA256", 
    "issued_at":UNIXTIME_WHEN_REQUEST_WAS_ISSUED, 
    "oauth_token":"USER_ACCESS_TOKEN", 
    "user_id":"USER_ID", 
    "user":{ 
    "country":"ISO_COUNTRY_CODE", 
    "locale":"ISO_LOCALE_CODE", 
    ... 
    } 
} 

现在我想取user_id出这个所以我用这块代码但它不工作: -

if(isset($_POST['signed_request'])) 
{ 
    echo 'YES'; 
    $json = $_POST['signed_request']; 
    $obj = json_decode($json); 
    print $obj->{'user_id'};  
} 

它只是打印YES。为什么这样?

我读过的地方没有应用程序认证,我将无法提取user_id,但根据facebook,这是第一步,认证应用程序将是第四。我对此很陌生,如果有人能帮助我,这将会非常有帮助。谢谢。

+0

如果你做了一个'print_r($ _ POST)',你看到了什么? – Brad 2012-08-15 16:35:08

+0

当你尝试'print_r($ _ POST)'时,你实际看到了什么? – Brad 2012-08-15 16:38:23

+0

@Brad当我'的print_r($ _ POST [ 'signed_request']);'我得到的正是这种价值'cnMQQpKShmtfcXXEAjNrazO7AZxAqCuZ0aIA-K1L-P8.qgytuisdhrl0aG0iOiJITUFDLVNIQTI1NiI sImV4cGlyZXMiOjEzNDUwNTM2MDAsImlzc3VlZF9hdCI6MTM0NTA0ODYwOCpoemi1dGhfdG9rZW4iOiJB QUFFOGZCWW1sN2NCQUJHVWZIb1VZUGdMcngwdjBURFlSdVFiNHNQR2pSMDRUNnZKZHkzWkFYU2RBYWNiV nFtMHJRZTFKZ2lrWkFRWkFJR2RPb0JuQ0JiVGxLOGpuUXlCSVpDWkJsWHdzWG5XbHg5VVZEV1dkIiwicG FnZSI6eyJpZCI6IjI2OTY3MDc5NjQ4MDcxOCIsImxpa2VkIjpmYWxzZSwiYWRtaW4iOmZhbHNlfSwidXN lciI6eyJjb3VudHJ5IjoiaW4iLCJsb2NhbGUiOiJlbl9JTiIsImFnZSI6eyJtaW4iOjIxfX0sInVzZXJf aWQiOiIxNTc2NDU1NjQ5In0' – 2012-08-15 16:39:39

回答

2

我认为它在json_decode($json)失败,因为$json不是一个有效的json字符串,正如您在关于print_r($_POST['signed_request']);的注释中提到的那样。

根据Facebook - Authentication within a Canvas Page Document,所述signed_request参数被编码和,解析signed_request串将产生JSON对象。

如果您使用的是PHP SDK,就像Abhishek在评论中说的那样,$facebook->getSignedRequest();会给你解码的json。

here有关签名的请求的详细信息

+0

嘿,我可以通过iframe中的app_id获取'url',以在Facebook标签中打开 – 2013-07-15 06:40:25

6

如果你不想与FB SDK工作,你可以使用此代码段将得到USER_ID和其他变量(段从https://developers.facebook.com/docs/facebook-login/using-login-with-games/

function parse_signed_request($signed_request) { 
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    // decode the data 
    $sig = base64_url_decode($encoded_sig); 
    $data = json_decode(base64_url_decode($payload), true); 

    // confirm the signature 
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); 
    if ($sig !== $expected_sig) { 
    error_log('Bad Signed JSON signature!'); 
    return null; 
    } 

    return $data; 
} 

function base64_url_decode($input) { 
    return base64_decode(strtr($input, '-_', '+/')); 
} 
-1

,你可以使用我的服务

如何使用: 刚刚火JSONP请求该

https://websta.me/fbappservice/parseSignedRequest/<append signed request here> 

如果成功,它将返回这样的事情

{ 
"algorithm": "HMAC-SHA256", 
"issued_at": xxxxx, 
"page": { 
    "id": "xxxxxxx", 
    "admin": true, 
    "liked": false 
}, 
"user": { 
    "country": "jp", 
    "locale": "en_US", 
    "age": { 
     "min": xx 
    } 
} 

如果失败,会输出:

Bad signed Json Signature 

编码快乐!

3

旧帖子我知道但想给Art Geigel的答复添加一个回复(我不能直接评论它)。

你的代码片段缺失行,

$secret = "appsecret"; // Use your app secret here 

和完整的片段,

function parse_signed_request($signed_request) { 
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    $secret = "appsecret"; // Use your app secret here 

    // decode the data 
    $sig = base64_url_decode($encoded_sig); 
    $data = json_decode(base64_url_decode($payload), true); 

    // confirm the signature 
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true); 
    if ($sig !== $expected_sig) { 
     error_log('Bad Signed JSON signature!'); 
     return null; 
    } 

    return $data; 
} 

function base64_url_decode($input) { 
    return base64_decode(strtr($input, '-_', '+/')); 
} 

要回答原来的问题

要从signed_request获取数据,包括以上功能和...

$data = parse_signed_request($_POST['signed_request']); 

echo '<pre>'; 
print_r($data); 
相关问题