Our facebook canvas app is having this problem where now, several times a day, the credits callback is passing a signed_request with the following contents:
Array
(
[algorithm] => HMAC-SHA256
[credits] => Array
(
[order_id] => 9005967273834
[order_info] => "item104"
)
[issued_at] => 1319329443
[user] => Array
(
[country] => do
[locale] => es_LA
[age] => Array
(
[min] => 0
[max] => 12
)
)
)
Notice anything missing? That's right! No user_id, buyer, or receiver is given!
We can't tell facebook what the price or description of an item is without knowing who is receiving the item.
This seems like a bad bug! This problem started happening on Oct 11, 2011
This is definitely an intermittent bug, so the only work-around is to pass the user ID from your own code into the order_info field of the item. Then use that instead of the credits receiver if the user information is missing.
I don't like that I have to do this, but it seems necessary.