Cannot read parent url query string

Question

I have a problem integrating my app with facebook. I am trying to read the $_REQUEST['code']. It is present in the URL but it is returning empty. Probably since my code resides in the Facebook iFrame. Is there a way to read the parent URL query string inside iFrame?

Answer 1

To make a working app, you don't need to access that information.

In your canvas app, just decode the signed_request parameter Facebook HTTP Posts to you. In PHP it is very easy to decode.

See http://developers.facebook.com/docs/authentication/signed_request/ for more information.

function parse_signed_request($signed_request, $secret) {
  list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $data = json_decode(base64_url_decode($payload), true);

  if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // check sig
  $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
  if ($sig !== $expected_sig) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}

If you use the PHP SDK, the SDK will do this heavy lifting for you. See: https://github.com/facebook/php-sdk/