Php – Cannot access Facebook signed_request with an iframe tab

facebookfacebook-php-sdkPHP

I've got an iframe loading in a facebook tab on a fan page and I'm not having any luck accessing the $_REQUEST["signed_request"] object. I'm confused because this is supposed to be a freebie and easily accessible. I've read and re-read the facebook docs and rechecked my facebook application settings but nothing is working.

isset($_REQUEST['signed_request']

is always false. Since I'm using the Facebook PHP sdk I've also tried

$facebook->getSignedRequest();

I've done print_r on the $_REQUEST and I don't see the signed_request in there. When I print_f the $facebook object, I see that the signedRequest is empty

[appId:protected] => XXX
[apiSecret:protected] => XXXXXXXXXXXXXXXXXXXX
[session:protected] => Array

        [access_token] => XXXXXXXXXX|2.h75WqKxcA1xbNPufFvpKQQ__.3600.1304452800.1-726960374|JiO0ZS30SyLaApeqhMtdocK8B_Y
        [base_domain] => XXXXXXXXX
        [expires] => 1304452800
        [secret] => rDF9C_z43_EUFy0Q_e6tyQ__
        [session_key] => 2.h75WqKxcA1xbNPufFvpKQQ__.3600.1304452800.1-726960374
        [sig] => 1971ef7eb8057c7404eae1f82d770ab5
        [uid] => XXXXXXXXXXXXXXX


[signedRequest:protected] => 
[sessionLoaded:protected] => 1
[cookieSupport:protected] => 1
[baseDomain:protected] => 
[fileUploadSupport:protected] =>

[EDIT]
I do have the OAuth 2.0 setting enabled for the application.

Best Answer

OK, just had this on problem myself and found the issue.

Make sure that you do not have a 301 redirect on the canvas or tab page. In my case I set the app up as "mydomain.com/facebook/tab/" but my site was doing a 301 to "www.mydomain.com/facebook/tab/"

The content would show, bit the 301 caused the signedRequest to be null.

Added "www" to my domain in the app settings and the signedRequest now contains the data I was looking for.

Related Solutions

Php – How to Read/ Parse Data of Signed_Request from Registration Script in Php 5.1.6

You don't need the PHP SDK for this. It may make it easier to do this and various other things, but it is not necessary if you want to do the decode yourself.

Are you sure you actually have a json_decode function? I don't think it's usually part of jsonwrapper.php, so I suspect your script is crashing on that function call. You can use the following function as a substitute, just change the call to usr_json_decode and include the following at the bottom of your script:

function usr_json_decode($json, $assoc=FALSE, $limit=512, $n=0, $state=0, $waitfor=0)
{
  $val=NULL;
  static $lang_eq = array("true" => TRUE, "false" => FALSE, "null" => NULL);
  static $str_eq = array("n"=>"\012", "r"=>"\015", "\\"=>"\\", '"'=>'"', "f"=>"\f", "b"=>"\b", "t"=>"\t", "/"=>"/");
  for (; $n<strlen($json); /*n*/)
    {
    $c=$json[$n];
    if ($state==='"')
      {
      if ($c=='\\')
        {
        $c=$json[++$n];
        if (isset($str_eq[$c]))
          $val.=$str_eq[$c];
        else if ($c=='u')
          {
          $hex=hexdec(substr($json, $n+1, 4));
          $n+=4;
          if ($hex<0x80) $val .= chr($hex);
          else if ($hex<0x800) $val.=chr(0xC0+$hex>>6).chr(0x80+$hex&63);
          else if ($hex<=0xFFFF) $val.=chr(0xE0+$hex>>12).chr(0x80+($hex>>6)&63).chr(0x80+$hex&63);
          }
        else
          $val.="\\".$c;
        }
      else if ($c=='"') $state=0;
      else $val.=$c;
      }
    else if ($waitfor && (strpos($waitfor, $c)!==false))
      return array($val, $n);
    else if ($state===']')
      {
      list($v, $n)=usr_json_decode($json, $assoc, $limit, $n, 0, ",]");
      $val[]=$v;
      if ($json[$n]=="]") return array($val, $n);
      }
    else
      {
      if (preg_match("/\s/", $c)) { }
      else if ($c=='"') $state='"';
      else if ($c=="{")
        {
        list($val, $n)=usr_json_decode($json, $assoc, $limit-1, $n+1, '}', "}");
        if ($val && $n) $val=$assoc?(array)$val:(object)$val;
        }
      else if ($c=="[")
        list($val, $n)=usr_json_decode($json, $assoc, $limit-1, $n+1, ']', "]");
      elseif (($c=="/") && ($json[$n+1]=="*"))
        ($n=strpos($json, "*/", $n+1)) or ($n=strlen($json));
      elseif (preg_match("#^(-?\d+(?:\.\d+)?)(?:[eE]([-+]?\d+))?#", substr($json, $n), $uu))
        {
        $val = $uu[1];
        $n+=strlen($uu[0])-1;
        if (strpos($val, ".")) $val=(float)$val;
        else if ($val[0]=="0") $val=octdec($val);
        else $val=(int)$val;
        if (isset($uu[2])) $val*=pow(10, (int)$uu[2]);
        }
      else if (preg_match("#^(true|false|null)\b#", substr($json, $n), $uu))
        {
        $val=$lang_eq[$uu[1]];
        $n+=strlen($uu[1])-1;
        }
      else
        {
        return $waitfor ? array(NULL, 1<<30) : NULL;
        }
      }
    if ($n===NULL) return NULL;
    $n++;
    }
  return ($val);
}

BTW though, this should be very easy to track down using your error log, turning on extra debugging and adding some echo or var_dump statements as necessary.

Facebook – Not receiving signed_request in Facebook iframe-app

I just had a similar problem. In my case the problem was that in the app config i had not put a slash at the end of the tab URL which was referencing a directory (with an index.php in it). So i got a redirect to the same URL with a slash at the end and lost the $_POST this way.

Related Topic