New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should it take care of fbsr_{app_id} cookie value? #1

oklahomer opened this Issue Apr 17, 2014 · 2 comments


None yet
1 participant
Copy link

oklahomer commented Apr 17, 2014

When combined w/ JS SDK, it whould be better if this module takes care of the cookie value that is set by JS SDK since it can skip the process to acquire code parameter by redirecting user to login dialog. Cookie name seems to be in a form of fbsr_{app_id} and the value can be parsed w/ parse_signed_request().

@oklahomer oklahomer self-assigned this Apr 17, 2014


This comment has been minimized.

Copy link

oklahomer commented Apr 20, 2014

To keep its implementation simple, I’m thinking to add a method that just returns cookie name. This way I don’t have to take care of what modules developer is using to handle request header and cookie. Developers should be able to access cookie value and parse it with some code below:

if(my $cookie = $c->req->cookie( $fb->js_cookie_name )) {
    my $val = $fb->parse_signed_request($cookie);
    my $token_ref = $fb->get_user_token_by_code($val->{code})
else {
    return $c->redirect( $fb->auth_uri );

This comment has been minimized.

Copy link

oklahomer commented Apr 22, 2014

It appears that this cookie is set when following conditions meet:

  • user has authorized your app
  • FB.init() with cookie: true option is called

As long as these are satisfied cookie is set/updated on every FB.init() call.

Parsing signed request should be as easy as my previous comment. Parsed content should be something like below:

    "algorithm": "HMAC-SHA256",
    "issued_at": 1398180151,
    "code": "SOME_OPAQUE_STRING",
    "user_id": 44007581

The next step, get_user_token_by_code(), has a problem; this method requires $fb->redirect_uri to be set. With the code extracted from the signed_request, redirect_uri must be empty string. When some string is given Facebook returns the error below:

100:- OAuthException:Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request

When redirect_uri is totally missing it says:

191:- OAuthException:Missing redirect_uri parameter.

So you must set empty string as redirect_uri value to get correct response

    "access_token" : "new_token_string_qwerty",
    "expires" : 5752

I must do something about get_user_token_by_code()'s implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment