How to use SessionFromSignedRequest?

[aroman]

Hi,

First of all, thanks so much for this package.

I am using it to provide a very simple oauth2 flow —I redirect a user to https://www.facebook.com/dialog/oauth?client_id=<client_id>&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauth%2Fin%2F.

In the handler for /auth/in I get the long-lived access_token by calling ParseCode(r.FormValue("code")). This works fine.

My question is, what is SessionFromSignedRequest for? On Facebook's documentation, it seems the only thing it's used for is Games: https://developers.facebook.com/docs/facebook-login/using-login-with-games/

Maybe I'm missing something, but can you explain how and why I should use SessionFromSignedRequest in a regular Facebook oauth2 site?

Thanks!

[huandu]

Hi @aroman

Signed request is only for app on facebook, not for websites using facebook login. It's a faster way to get access_token.

A signed request contains a valid access token and user id in its content. An app can use its secret to decrypt content and get them without sending any web request to facebook. Therefore, parsing signed request is much faster than parsing OAuth code.

If you just need to parse signed request, the ParseSignedRequest will work fine. SessionFromSignedRequest basically calls ParseSignedRequest and Session in a sequence. The reason I implement SessionFromSignedRequest is that I want to make best use of the user id parsed from signed request. If you call User on the session returned by SessionFromSignedRequest, the method will return the user id value without making any web request. It can be a significant performance improvement in some cases.

[huandu]

Hi @aroman

If you still have any question, feel free to re-open it and add more comments.