2

I am trying to decode the signed request that comes from Facebook. I tried to use the below code using javascript, but I am not sure about the function to use for decoding and then parsing the JSON response. My Response object is signed_request and it contains the user profile information like name, gender, email, etc. I want to do something similar like this page shows in php: (Goto the section which says parsing the signed request) https://developers.facebook.com/docs/facebook-login/using-login-with-games/

   <script>
     $(document).ready(function () {    
       var signedRequest = $("h2").html();
       var data = signedRequest.split('.')[1];       
       data = JSON.parse(data);
       name = data.name;
       console.log(name);
     });

   </script>


 <body>
   <form id="form1" runat="server">
       <div>
        <% string name1 = Request.Params["signed_request"];%>
           <h2><%= name1 %></h2>
       </div>
   </form>
  </body>
Improve this question
3
  • can anyone help me with this? Commented Mar 1, 2014 at 20:44
  • Signed requests are base64 encoded (a version which is url safe), and you can follow the php description here - developers.facebook.com/docs/facebook-login/… Commented Mar 6, 2014 at 5:46
  • hey have you managed how to decode the signedRequest? can you tell me how? Thanks Commented Oct 20, 2015 at 10:11

2 Answers 2

Reset to default
1

According to facebook, we need to:

  1. Split the signed request into two parts delineated by a '.' character (eg. 238fsdfsd.oijdoifjsidf899)
  2. Decode the first part - the encoded signature - from base64url
  3. Decode the second part - the payload - from base64url and then decode the resultant JSON object

One method for parsing base64url in JavaScript is window.atob:

FB.getLoginStatus(res => {
  console.log(res)
  const parts = res.authResponse.signedRequest.split('.')
  const signature = window.atob(parts[0])
  const payload = window.atob(parts[1])
  console.log(signature, JSON.parse(payload))
});
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Signed requests are base64 encoded (a version which is url safe), and you can follow the php description here - https://developers.facebook.com/docs/facebook-login/using-login-with-games/

If you're extremely interested, you can look at how this is done in the JS SDK by searching through http://connect.facebook.net/en_US/all/debug.js for 'sdk.SignedRequest'.

Improve this answer

1 Comment

Thanks. the js file helped me understand how to decode it.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.