Home/ Questions/Q 3622800
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T23:18:16+00:00

Hey guys, just trying to decode my signed request.. I’ve done a bit of

  • 0

Hey guys, just trying to decode my signed request.. I’ve done a bit of searching and haven’t found a VB alternative..

The signed_request parameter is a concatenation of a HMAC SHA-256 signature string, a period (.) and a base64url encoded JSON object.

signed_request:

vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso
.
eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0

PHP function to decode request:

<?php
define('FACEBOOK_APP_ID', 'your_app_id');
define('FACEBOOK_SECRET', 'your_app_secret');

function parse_signed_request($signed_request, $secret) {
  list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $data = json_decode(base64_url_decode($payload), true);

  if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // check sig
  $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
  if ($sig !== $expected_sig) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

if ($_REQUEST) {
  echo '<p>signed_request contents:</p>';
  $response = parse_signed_request($_REQUEST['signed_request'], 
                                   FACEBOOK_SECRET);
  echo '<pre>';
  print_r($response);
  echo '</pre>';
} else {
  echo '$_REQUEST is empty';
}
?>

And the result is the decoded JSON object:

    {
   "oauth_token": "...big long string...",
   "algorithm": "HMAC-SHA256",
   "expires": 1291840400,
   "issued_at": 1291836800,
   "registration": {
      "name": "Paul Tarjan",
      "email": "fb@paulisageek.com",
      "location": {
         "name": "San Francisco, California",
         "id": 114952118516947
      },
      "gender": "male",
      "birthday": "12/16/1985",
      "like": true,
      "phone": "555-123-4567",
      "anniversary": "2/14/1998",
      "captain": "K",
      "force": "jedi",
      "live": {
         "name": "Denver, Colorado",
         "id": 115590505119035
      }
   },
   "registration_metadata": {
      "fields": "[\n {'name':'name'},\n {'name':'email'},\n {'name':'location'},\n {'name':'gender'},\n {'name':'birthday'},\n {'name':'password',   'view':'not_prefilled'},\n {'name':'like',       'description':'Do you like this plugin?', 'type':'checkbox',  'default':'checked'},\n {'name':'phone',      'description':'Phone Number',             'type':'text'},\n {'name':'anniversary','description':'Anniversary',              'type':'date'},\n {'name':'captain',    'description':'Best Captain',             'type':'select',    'options':{'P':'Jean-Luc Picard','K':'James T. Kirk'}},\n {'name':'force',      'description':'Which side?',              'type':'select',    'options':{'jedi':'Jedi','sith':'Sith'}, 'default':'sith'},\n {'name':'live',       'description':'Best Place to Live',       'type':'typeahead', 'categories':['city','country','state_province']},\n {'name':'captcha'}\n]"
   },
   "user_id": "218471"
}

So does anyone see how to get from point A (php) to point B (VB version)?

Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    Dim FBAppID As String, FBSecret As String
    FBAppID = AppSettings.Item("FBAppID")
    FBSecret = AppSettings.Item("FBSecret")

    Dim FBCookie = HttpContext.Current.Request.Cookies("fbs_" + FBAppID)
    If FBCookie Is Nothing Then
        Return ""
    End If

    Dim FBCookieString As String = FBCookie.Value.ToString
    FBCookieString = FBCookieString.Substring(1, FBCookieString.Length - 2) 'remove the quotes at the beginning and end
    Dim Sig As String = ""
    Dim UserID As String = ""
    Dim Payload = ""
    For Each FBKey In FBCookieString.Split("&")
        Dim EqPos As Integer = FBKey.IndexOf("=")
        Dim Key As String = FBKey.Substring(0, EqPos)
        Dim Value = HttpContext.Current.Server.UrlDecode(FBKey.Substring(EqPos + 1))
        If Key = "sig" Then Sig = Value Else Payload += HttpContext.Current.Server.UrlDecode(FBKey)
        If Key = "uid" Then UserID = Value
    Next
    If Sig <> "" Then
        If Sig.ToUpper <> System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Payload + FBSecret, "MD5") Then
            Return ""
        Else
            Return UserID.ToString()
        End If
    • 0