
Hey guys, just trying to decode my signed request.. I've done a bit of searching and haven't found a VB alternative..

The signed_request parameter is a concatenation of an HMAC SHA-256 signature string, a period (.) and a base64url-encoded JSON object.

signed_request:

vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso
.
eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0

PHP function to decode request:

<?php
// Placeholder credentials for the example. The app secret is the HMAC key that
// authenticates every signed_request, so the real value belongs in server-side
// configuration rather than in a source file.
const FACEBOOK_APP_ID = 'your_app_id';
const FACEBOOK_SECRET = 'your_app_secret';

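/**
 * Verify and decode a signed_request value.
 *
 * The value has the form "<base64url signature>.<base64url JSON payload>".
 * The signature is an HMAC-SHA256 computed over the still-encoded payload
 * and keyed with the app secret.
 *
 * @param string $signed_request Raw signed_request value from the request (untrusted).
 * @param string $secret         App secret used as the HMAC key.
 * @return array|null Decoded payload, or null when the value is malformed,
 *                    fails signature verification, or declares another algorithm.
 */
function parse_signed_request($signed_request, $secret) {
  // Request parameters can arrive as arrays, and a value without the '.'
  // separator has no payload part to verify.
  if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
    error_log('Malformed signed_request');
    return null;
  }

  list($encoded_sig, $payload) = explode('.', $signed_request, 2);

  // check sig first, so that no unauthenticated JSON is parsed
  $sig = base64_url_decode($encoded_sig);
  $expected_sig = hash_hmac('sha256', $payload, $secret, true);

  // hash_equals() compares in constant time; a plain !== can leak, through
  // timing, how many leading bytes of a forged signature were correct.
  if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  // decode the data
  $data = json_decode(base64_url_decode($payload), true);

  // json_decode() returns null for invalid JSON, and the key may be absent.
  if (!is_array($data)
      || !isset($data['algorithm'])
      || !is_string($data['algorithm'])
      || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // The payload may carry 'issued_at' / 'expires' fields; checking freshness
  // is left to the caller.
  return $data;
}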

/**
 * Decode a base64url string (URL-safe alphabet: '-' and '_' in place of '+' and '/').
 *
 * @param string $input base64url text, with or without '=' padding.
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function base64_url_decode($input) {
    // Map the URL-safe characters back to the standard base64 alphabet.
    $standard = str_replace(array('-', '_'), array('+', '/'), $input);
    return base64_decode($standard);
}

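// Demo driver: verify the posted signed_request and dump the decoded payload.
if ($_REQUEST) {
  echo '<p>signed_request contents:</p>';

  // The parameter may be missing or sent as an array; pass only a string on.
  $signed_request = (isset($_REQUEST['signed_request']) && is_string($_REQUEST['signed_request']))
      ? $_REQUEST['signed_request']
      : '';
  $response = parse_signed_request($signed_request, FACEBOOK_SECRET);

  echo '<pre>';
  // The payload holds user-supplied fields (name, location, ...), so escape
  // the dump before it is written into the HTML page.
  echo htmlspecialchars(print_r($response, true), ENT_QUOTES, 'UTF-8');
  echo '</pre>';
} else {
  echo '$_REQUEST is empty';
}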
?>

And the result is the decoded JSON object:

    {
   "oauth_token": "...big long string...",
   "algorithm": "HMAC-SHA256",
   "expires": 1291840400,
   "issued_at": 1291836800,
   "registration": {
      "name": "Paul Tarjan",
      "email": "[email protected]",
      "location": {
         "name": "San Francisco, California",
         "id": 114952118516947
      },
      "gender": "male",
      "birthday": "12/16/1985",
      "like": true,
      "phone": "555-123-4567",
      "anniversary": "2/14/1998",
      "captain": "K",
      "force": "jedi",
      "live": {
         "name": "Denver, Colorado",
         "id": 115590505119035
      }
   },
   "registration_metadata": {
      "fields": "[\n {'name':'name'},\n {'name':'email'},\n {'name':'location'},\n {'name':'gender'},\n {'name':'birthday'},\n {'name':'password',   'view':'not_prefilled'},\n {'name':'like',       'description':'Do you like this plugin?', 'type':'checkbox',  'default':'checked'},\n {'name':'phone',      'description':'Phone Number',             'type':'text'},\n {'name':'anniversary','description':'Anniversary',              'type':'date'},\n {'name':'captain',    'description':'Best Captain',             'type':'select',    'options':{'P':'Jean-Luc Picard','K':'James T. Kirk'}},\n {'name':'force',      'description':'Which side?',              'type':'select',    'options':{'jedi':'Jedi','sith':'Sith'}, 'default':'sith'},\n {'name':'live',       'description':'Best Place to Live',       'type':'typeahead', 'categories':['city','country','state_province']},\n {'name':'captcha'}\n]"
   },
   "user_id": "218471"
}

So does anyone see how to get from point A (php) to point B (VB version)?

Thanks in advance

2 Answers 2

' Fragment of a function body (the Function header and the closing End If / End Function
' are not shown). It reads the "fbs_<app id>" cookie, checks its "sig" field against an MD5
' hash of the remaining fields plus the app secret, and returns the "uid" field, or "" when
' the cookie is missing or the check fails.
' NOTE(review): this validates the cookie format, not the HMAC-SHA256 signed_request value
' described in the question.
Dim FBAppID As String, FBSecret As String
    ' App id and app secret come from the application's configuration settings.
    FBAppID = AppSettings.Item("FBAppID")
    FBSecret = AppSettings.Item("FBSecret")

    Dim FBCookie = HttpContext.Current.Request.Cookies("fbs_" + FBAppID)
    If FBCookie Is Nothing Then
        Return ""
    End If

    ' The cookie value is client-controlled input.
    Dim FBCookieString As String = FBCookie.Value.ToString
    ' Remove the quotes at the beginning and end.
    ' NOTE(review): Substring throws if the value is shorter than two characters.
    FBCookieString = FBCookieString.Substring(1, FBCookieString.Length - 2) 'remove the quotes at the beginning and end
    Dim Sig As String = ""
    Dim UserID As String = ""
    Dim Payload = ""
    ' Walk the "key=value" pairs separated by "&".
    For Each FBKey In FBCookieString.Split("&")
        ' NOTE(review): IndexOf returns -1 for a pair without "=", and Substring(0, -1) then throws.
        Dim EqPos As Integer = FBKey.IndexOf("=")
        Dim Key As String = FBKey.Substring(0, EqPos)
        Dim Value = HttpContext.Current.Server.UrlDecode(FBKey.Substring(EqPos + 1))
        ' "sig" is kept aside; every other pair is appended, URL-decoded and in cookie order,
        ' to the string that gets hashed.
        If Key = "sig" Then Sig = Value Else Payload += HttpContext.Current.Server.UrlDecode(FBKey)
        If Key = "uid" Then UserID = Value
    Next
    ' When Sig is empty this branch is skipped; what the function returns then is not shown here.
    If Sig <> "" Then
        ' Expected signature = MD5(Payload + FBSecret) as a hex string; Sig is upper-cased,
        ' presumably because the helper returns upper-case hex (confirm).
        ' NOTE(review): <> is not a constant-time comparison, hash(data + secret) with MD5 is a
        ' weak MAC construction, and HashPasswordForStoringInConfigFile is marked obsolete in
        ' later .NET Framework versions.
        If Sig.ToUpper <> System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Payload + FBSecret, "MD5") Then
            Return ""
        Else
            Return UserID.ToString()
        End If

To get this from the POST rather than the cookie in VB ASP.NET:

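<%@ Page Language="vb" %>

<%
' Reads the posted signed_request ("<base64url signature>.<base64url JSON payload>"),
' verifies the HMAC-SHA256 signature over the encoded payload with the app secret,
' and only then decodes and prints the JSON payload.
Dim strSignedRequest As String
strSignedRequest = Request("signed_request")

' App secret used as the HMAC key. The "FBSecret" appSettings key name is an assumption;
' read it from wherever the application keeps the secret, never from a literal in the page.
Dim strSecret As String
strSecret = System.Configuration.ConfigurationManager.AppSettings("FBSecret")

If String.IsNullOrEmpty(strSignedRequest) = False AndAlso String.IsNullOrEmpty(strSecret) = False Then
    ' Split into at most two parts; a value without "." has no payload to verify.
    Dim arrayRequest As String()
    arrayRequest = strSignedRequest.Split(New Char() {"."c}, 2)

    Dim blnVerified As Boolean = False
    Dim strJson As String = ""

    If arrayRequest.Length = 2 Then
        Try
            ' base64url -> base64 for the signature part.
            Dim strSig As String
            strSig = arrayRequest(0).Replace("-"c, "+"c).Replace("_"c, "/"c)
            strSig = strSig.PadRight(strSig.Length + (4 - strSig.Length Mod 4) Mod 4, "="c)
            Dim bytSig As Byte() = Convert.FromBase64String(strSig)

            ' The signature covers the payload exactly as received (still base64url-encoded).
            Dim bytExpected As Byte()
            Using objHmac As New System.Security.Cryptography.HMACSHA256(Encoding.UTF8.GetBytes(strSecret))
                bytExpected = objHmac.ComputeHash(Encoding.UTF8.GetBytes(arrayRequest(1)))
            End Using

            ' Compare every byte regardless of where the first mismatch is, so the time
            ' taken does not reveal how much of a forged signature was correct.
            Dim intDiff As Integer = bytSig.Length Xor bytExpected.Length
            For i As Integer = 0 To Math.Min(bytSig.Length, bytExpected.Length) - 1
                intDiff = intDiff Or (bytSig(i) Xor bytExpected(i))
            Next

            If intDiff = 0 Then
                Dim strPayload As String
                strPayload = arrayRequest(1)
                strPayload = Replace(strPayload, "-", "+")
                strPayload = Replace(strPayload, "_", "/")

                ' Padding: FromBase64String() rejects input whose length is not a multiple of 4.
                strPayload = strPayload.PadRight(strPayload.Length + (4 - strPayload.Length Mod 4) Mod 4, "="c)

                Dim bytSignedRequest As Byte()
                bytSignedRequest = Convert.FromBase64String(strPayload)

                strJson = Encoding.UTF8.GetString(bytSignedRequest)
                blnVerified = True
            End If
        Catch ex As FormatException
            ' Not valid base64: treated the same as a failed verification.
            blnVerified = False
        End Try
    End If

    If blnVerified Then
        ' The payload contains user-supplied fields; HTML-encode it before writing to the page.
        Response.Write("decoded: " & Server.HtmlEncode(strJson))
    Else
        Response.Write("signed_request failed verification")
    End If

End If

%>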

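You would then parse the resulting JSON in strJson with whatever JSON parsing library you use, to access values by key. Treat those values as untrusted unless the signature part of signed_request has been verified against your app secret.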
