Announcement Announcement Module
No announcement yet.
Canvas apps and signed_requests Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Canvas apps and signed_requests


    I've started working on a Facebook canvas app and I've read through most of the Spring Social manuals, the Spring Social Canvas sample code, and Facebook's documentation. I'm trying to confirm why the Spring Social Canvas sample application starts an OAuth flow from scratch (with the SignInRedirectController hitting Facebook), instead of using the oauth_token passed from Facebook to the Canvas URL in the signed_request parameter? Or is that oauth_token not actually an access token, but some legacy OAuth 1.0 token?

    The main reason I'm asking is that since the signed_request parameter contains the providerUserId, I was seeing if I could simplify sign-ins by checking if I had an existing Connection for that providerUserId and signing in the correct user (replay attacks aside).

    Any pointers would be appreciated,
    Last edited by mers; Sep 4th, 2011, 05:36 PM. Reason: updated to include signed_request Facebook link