Search code examples
c#facebooksigned

Referral Url's on Facebook Page tab

I have a Facebook Page Tab app and I'm trying to find out where visitors to the page tab are coming from. I've read on http://developers.facebook.com/docs/authentication/signed_request/ that you can get these from app_data in the signed request but whenever I try getting the signed request app_data isn't there.

I used FB.getLoginStatus to get the signed request when inside the tab on Facebook, but When I debug the signed request with http://developers.facebook.com/tools/echo I get the error "Bad Signature"

Your signed_request was probably not signed with our app_id of xxxxx Here is the payload: { "algorithm": "HMAC-SHA256", "code": "xxxx", "issued_at": xxxx, "user_id": "xxxx2" }

I'm using the C# SDK with Javascript

Solution

  • You can decode the signed request with the code in this topic: Decode Signed Request Without Authentication

    if (Request.Params["signed_request"] != null)
{
    string payload = Request.Params["signed_request"].Split('.')[1];
    var encoding = new UTF8Encoding();
    var decodedJson = payload.Replace("=", string.Empty).Replace('-', '+').Replace('_', '/');
    var base64JsonArray = Convert.FromBase64String(decodedJson.PadRight(decodedJson.Length + (4 - decodedJson.Length % 4) % 4, '='));
    var json = encoding.GetString(base64JsonArray);
    var o = JObject.Parse(json);
    var lPid = Convert.ToString(o.SelectToken("page.id")).Replace("\"", "");
    var lLiked = Convert.ToString(o.SelectToken("page.liked")).Replace("\"", "");
    var lUserId= Convert.ToString(o.SelectToken("user_id")).Replace("\"", "");
}

    It should be easy to get the app_data by adding 

    var lAppData = Convert.ToString(o.SelectToken("app_data")).Replace("\"", "");

    To the have the app_data for your tab app you need to add it to the redirect url when acquiring permissions. You redirect url should something like:

    http://facebook.com/YOUR_PAGE?sk=app_YOUR_APP_ID&app_data=add,whatever,parameters,you,want,here

    I can only guess that the reason you got this error is because you just pasted your signed request in the address bar instead of the one used by the echo tool. The error is because your signed request is signed by your app_id and you're trying to use it with echo which has another app_id. But that's just a guess :)

    My primary language is PHP but hope I was able to help :)