Skip to content

Instantly share code, notes, and snippets.

@underdown
Created May 1, 2012 18:10
Show Gist options
  • Select an option

  • Save underdown/2570159 to your computer and use it in GitHub Desktop.

Select an option

Save underdown/2570159 to your computer and use it in GitHub Desktop.
facebook login flow
<?php
define('FACEBOOK_APP_ID', 'xxxxxxxxxxxxxxx');
define('FACEBOOK_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxx');
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
echo '<p>signed_request contents:</p>';
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
echo '<pre>';
// logic for what to do with returned data here
print_r($response['registration']['name']);
echo "&nbsp";
print_r($response['registration']['email']);
echo '</pre>';
} else {
echo '$_REQUEST is empty';
}
?>
@onlinemarketresults

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment