Facebook canvas authentication by referral

Question

I have been stuck with this problem for a while now, and I just gave up today, I realized I really badly need help, and i couldn't find any posts addressing a similar issue.. so

I am trying to create a facebook app (since jan 1 2012 - incase there has been any standards change, you guys can tell me about it), and I have properly set my canvas url.

So right now when you visit my app on facebook, as apps.facebook.com/canvas-page you can see my app. However I am having problem with authentication.

My app requires basic information, and email address of the user trying to access it.

So as far as I have gotten so far, I have set it so that new users can see the authentication dialog and then visit my app. On visiting my app I want my app to be able to access the information as I stated above. However on my canvas page I did the following for code in php, and nothing else, I want to be able to see what information is passed on to my app by the facebook referral from the authentication dialog:

    <?php 
    print_r($_GET);
    echo "\n";
    print_r($_POST);
    ?>

However sadly this is giving me empty arrays, and nothing else.

All I really need for my Facebook app is the access_token, and the user id, although I am pretty sure I can access the current user's id by visiting graph.facebook.com/me?access_token=[access token provided from somewhere]

so thats my first problem, second problem is that when I logout of facebook and I visit apps.facebook.com/canvas-page I don't get asked to login, why is that so? Do I have to redirect to Facebook using JavaScript to login and then refer to my app?

Currently these are my settings (ask for more info so that i can give them to you) Settings > Auth Dialog > Authenticated referrals > User & Friend permission = email Settings > Auth Dialog > Authenticated referrals > Auth Token parameter = ?code=

Settings > Advanced > migrations = ALL ENABLED

Answer 1

FB use Signed Request to send data to your app (not $_POST, not $_GET). There is a chapter called signed_request Parameter in Sample Canvas App that talk about it.

Using php-sdk you can obtain it like this:

$signed_request = $facebook->getSignedRequest();

var_dump($signed_request);

array (
  'algorithm' => 'HMAC-SHA256',
  'expires' => 1326632400,
  'issued_at' => 1326628636,
  'oauth_token' => '***',
  'page' => 
  array (
    'id' => '***',
    'liked' => false,
    'admin' => true,
  ),
  'user' => 
  array (
    'country' => 'cl',
    'locale' => 'en_US',
    'age' => 
    array (
      'min' => 21,
    ),
  ),
  'user_id' => '***',
)

Besides you can pass a parameter called app_data through URL:

"http://www.facebook.com/YourPage?v=app_1234567890&app_data=any_string_here"

You will get it in the $signed_request too.

...
array (
  'algorithm' => 'HMAC-SHA256',
  'app_data' => 'any_string_here',
  'expires' => 1326636000,
  'issued_at' => 1326629411,
...

Please comment! Thanks.-