PHP SDK Version


The FacebookCanvasHelper is used to obtain an access token or signed request when working within the context of an app canvas.

Facebook\Helpers\FacebookCanvasHelper( Facebook\FacebookApp $facebookApp )


If your app is loaded through Canvas, Facebook sends a POST request to your app with a signed request. This helper will handle validating and decrypting the signed request.

$fb = new Facebook\Facebook([/* */]);
$canvasHelper = $fb->getCanvasHelper();
$signedRequest = $canvasHelper->getSignedRequest();

if ($signedRequest) {
  $payload = $signedRequest->getPayload();

If a user has already authenticated your app, you can also obtain an access token.

$fb = new Facebook\Facebook([/* */]);
$canvasHelper = $fb->getCanvasHelper();

try {
  $accessToken = $canvasHelper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
  // When Graph returns an error
  echo 'Graph returned an error: ' . $e->getMessage();
} catch(Facebook\Exceptions\FacebookSDKException $e) {
  // When validation fails or other local issues
  echo 'Facebook SDK returned an error: ' . $e->getMessage();

if (isset($accessToken)) {
  // Logged in.

The $accessToken will be null if the signed request did not contain any OAuth 2.0 data to obtain the access token.

Instance Methods


public FacebookCanvasHelper __construct(FacebookApp $app, FacebookClient $client, $graphVersion = null)

Upon instantiation, FacebookCanvasHelper validates and decrypts the signed request that was sent via POST if present.


public Facebook\AccessToken|null getAccessToken()

Checks the signed request for authentication data and tries to obtain an access token access token.


public string|null getUserId()

A convenience method for obtaining a user's ID from the signed request if present. This will only return the user's ID if a valid signed request can be obtained and decrypted and the user has already authorized the app.

$userId = $canvasHelper->getUserId();

if ($userId) {
  // User is logged in

This is equivalent to accessing the user ID from the signed request entity.

$signedRequest = $canvasHelper->getSignedRequest();

if ($signedRequest) {
  $userId = $signedRequest->getUserId();
  // OR
  $userId = $signedRequest->get('user_id');


public string|null getAppData()

Gets the value that is set in the app_data property if present.


public Facebook\SignedRequest|null getSignedRequest()

Returns the signed request as an instance of Facebook\SignedRequest if present.


public string|null getRawSignedRequest()

Returns the raw encoded signed request as a string if present in the POST variables or null.