Facebook Deauthorize callback is used to getting notification to the app owner when a user uninstall our app from their fan page or profile.
We have an option in Facebook’s advanced section of app settings named “Deauthorize Callback“.Here we can specify a URL in ourserver.If we are setting a URL in this section facebook will send a signed request to the specified URL when a user uninstall our app from their fanpage or profile.Facebook providing 2 functions to decode the signed Request and get the encoded data using our app secret key.
Here is what i have done in my callback URL to get the singned request details,
<?php
if(isset($_REQUEST[‘signed_request’]))
{ $data=$this->parse_signed_request($_REQUEST[‘signed_request’],’YOUR_FB_SECRET_KEY’);
}
?>
But whats the problem here is that we cannot identify the structure of decoded array $data.because this process is a hidden call so that we cannot print this using print_r();
so what i have done is that stored it to a file by serializing after that i restored this object by unserialize from that file in my server.
here is the code for that:
$s=serialize($data);
file_put_contents(‘yourfilename’,$s);
The above 2 process is happening at the time of uninstall callback.after this 2 processes i executed one more code to get this from that file and print it out.
if(file_exists(‘yourfilename’))
{
$s=file_get_contents(‘yourfilename’);
$data=unserialize($s);
echo “<pre>”;
print_r($data);
echo “</pre>”;
}
Then i got a result like below:
Array
{
[algorithm]=>HMAC-SHA256
[issued_at]=>134534232
[profile_id]=>324556365474
[user]=>Array(
[country]=>in
[locale]=>en_US
)
[user_id]=>0
}
Here i got the fan page id as profile_id from this array .that is the fan page id which is uninstalled my app if it is a user profile the we will get the user facebook id in “user_id” from this array.
here is that 2 functions from facebook:
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode(‘.’, $signed_request, 2);
// decode the data
$sig = $this->base64_url_decode($encoded_sig);
$data = json_decode($this->base64_url_decode($payload), true);
if (strtoupper($data[‘algorithm’]) !== ‘HMAC-SHA256’) {
error_log(‘Unknown algorithm. Expected HMAC-SHA256’);
return null;
}
// check sig
$expected_sig = hash_hmac(‘sha256’, $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log(‘Bad Signed JSON signature!’);
return null;
}
return $data;
}
public function base64_url_decode($input)
{
return base64_decode(strtr($input, ‘-_’, ‘+/’));
}
By using this function you can decode that signed request and get the id of the uninstalled fan page or profile id.
Regards,
sirin k
good one
That was great
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.