1

Can somebody explain me what the difference between those two is? I thought they should return the same values, but what I get is:

$REQUEST['signed_request']

    NAqZcEqPisfOqf_3SyKf_zvLyiE_gjpyQIknmQ1xXpQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImFwcF9kYXRhIjoiMTAwMDAxNDcwODI3NzQxIiwiZXhwaXJlcyI6MTM1NDIzMDAwMCwiaXNzdWVkX2F0IjoxMzU0MjI0NDAyLCJvYXV0aF90b2tlbiI6IkFBQUdEMzVJM0k3VUJBRDZ3a1pCWkJXbFhidUFuUEdVMERTUW93R1pCSUI1NDE1Zkt1RjdaQ1JrNjFaQWF4ZExBeHVIRWNYS2N2WkJBSlRtN01BOGx3YmZaQXIyRWhtWkFNY3JkQXQ2WkNZZ3lTdFFaRFpEIiwicGFnZSI6eyJpZCI6IjQwMDQ3MDE3MDAwOTQ4NSIsImxpa2VkIjp0cnVlLCJhZG1pbiI6dHJ1ZX0sInVzZXIiOnsiY291bnRyeSI6ImRlIiwibG9jYWxlIjoiZW5fVVMiLCJhZ2UiOnsibWluIjoyMX19LCJ1c2VyX2lkIjoiNjA0MjA3Njk0In0

and getSignedRequest()

Array ( [algorithm] => HMAC-SHA256 [app_data] => 100001470827741 [expires] => 1354230000 [issued_at] => 1354224402 [oauth_token] => AAAGD35I3I7UBAD6wkZBZBWlXbuAnPGU0DSQowGZBIB5415fKuF7ZCRk61ZAaxdLAxuHEcXKcvZBAJTm7MA8lwbfZAr2EhmZAMcrdAt6ZCYgyStQZDZD [page] => Array ( [id] => 40047123009485 [liked] => 1 [admin] => 1 ) [user] => Array ( [country] => de [locale] => en_US [age] => Array ( [min] => 21 ) ) [user_id] => 2237694 )

Edit: Thanks to yellow I found out that the former is base64encoded. It can be decoded using this function:

function parse_signed_request($signed_request) {
 list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

 // decode the data
 $sig = base64_url_decode($encoded_sig);
 $data = json_decode(base64_url_decode($payload), true);

 return $data;
}

function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}
4

2 回答 2

3

难道 $REQUEST['signed_request'] 是 base64url 编码的吗?您可以在此站点上阅读有关 signed_request 的更多信息:https ://developers.facebook.com/docs/howtos/login/signed-request/

于 2012-11-29T22:06:12.747 回答
1

getSignedRequest() 返回 $REQUEST['signed_request'] 的解析版本,这意味着它已被解码并验证哈希是否有效,以确保请求实际上来自 Facebook。

于 2012-11-29T22:10:22.720 回答