PHP SDK Version
5.0.0

SignedRequest entity for the Facebook SDK for PHP

The Facebook\SignedRequest entity represents a signed request.

Facebook\SignedRequest

Signed requests contain payloads of data that can be validated against a hash signature to ensure it is from Facebook. The Facebook\SignedRequest entity can validate a signed request signature and decode the payload.

To instantiate a new Facebook\SignedRequest entity, pass the Facebook\FacebookApp entity and raw signed request to the constructor.

$fbApp = new Facebook\FacebookApp('{app-id}', '{app-secret}');
$signedRequest = new Facebook\SignedRequest($fbApp, 'raw.signed_request');

Usually Facebook\SignedRequest entities are obtained using one of the helper classes.

$fb = new Facebook\Facebook([/* . . . */]);

// Obtain a signed request entity from the cookie set by the JavaScript SDK
$helper = $fb->getJavaScriptHelper();
$signedRequest = $helper->getSignedRequest();

// Obtain a signed request entity from a canvas app
$helper = $fb->getCanvasHelper();
$signedRequest = $helper->getSignedRequest();

// Obtain a signed request entity from a page tab
$helper = $fb->getPageTabHelper();
$signedRequest = $helper->getSignedRequest();

Instance Methods

getRawSignedRequest()

public string|null getRawSignedRequest()

Returns the original raw encoded signed request in the form of a string.

getPayload()

public array|null getPayload()

Returns the signed request payload in the form of an array.

get()

public string|null get(string $key, string|null $default)

Returns a field from the signed request payload or $default if the value does not exist.

getUserId()

public string|null getUserId()

Returns the user_id field from the signed request payload if it exists or null if it does not exists.

hasOAuthData()

public boolean hasOAuthData()

Returns true if the payload data contains either an oauth_token or code field. Returns false if neither value exists.

make()

public string make(array $payload)

Generates a valid raw signed request as a string that contains the data from the $payload array. The signature is signed using the app secret from the Facebook\FacebookApp entity. This can be useful for testing purposes.

$fbApp = new Facebook\FacebookApp('{app-id}', '{app-secret}');
$signedRequest = new Facebook\SignedRequest($fbApp);

$payload = [
  'algorithm' => 'HMAC-SHA256',
  'issued_at' => time(),
  'foo' => 'bar',
  ];
$rawSignedRequest = $signedRequest->make($payload);

var_dump($rawSignedRequest);
// string(129) "c9RNpwW4vGYTGc7_E-_XQu5aoEQrWrx_KDOdz3x9Ec0=.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTQxODE4MjI1NSwiZm9vIjoiYmFyIn0="