Comments on: Validate a Facebook JavaScript SDK cookie with Ruby http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/ Thu, 14 Mar 2013 03:50:00 +0000 hourly 1 http://wordpress.org/?v=3.4.2 By: Shogo http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/#comment-283 Shogo Sun, 26 Aug 2012 17:54:00 +0000 /blogs/joshuaflanagan/archive/2010/11/16/validate-a-facebook-javascript-sdk-cookie-with-ruby.aspx#comment-283 Thanks Joshua! Its working great!  Thanks Joshua! Its working great! 

]]> By: Anonymous http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/#comment-282 Anonymous Sat, 25 Aug 2012 14:40:00 +0000 /blogs/joshuaflanagan/archive/2010/11/16/validate-a-facebook-javascript-sdk-cookie-with-ruby.aspx#comment-282 I did not update to use a 3rd party SDK. I only needed to make a few changes to my code: cookie = request.cookies["fbsr_#{@fb_app_id}"] fb_info = JSON.parse(urldecode64(cookie.split('.',2)[1])) def urldecode64(str) encoded_str = str.tr('-_', '+/') encoded_str += '=' while !(encoded_str.size % 4).zero? Base64.decode64(encoded_str) end def valid_cookie? return false unless cookie return false if fb_info['algorithm'].to_s.upcase != 'HMAC-SHA256' encoded_sig, payload = cookie.split('.', 2) sig = urldecode64(encoded_sig) expected_sig = OpenSSL::HMAC.digest('sha256', settings.fb_app_secret, payload) expected_sig == sig end I did not update to use a 3rd party SDK. I only needed to make a few changes to my code:

cookie = request.cookies["fbsr_#{@fb_app_id}"]

fb_info = JSON.parse(urldecode64(cookie.split(‘.’,2)[1]))

def urldecode64(str)
encoded_str = str.tr(‘-_’, ‘+/’)
encoded_str += ‘=’ while !(encoded_str.size % 4).zero?
Base64.decode64(encoded_str)
end

def valid_cookie?
return false unless cookie
return false if fb_info['algorithm'].to_s.upcase != ‘HMAC-SHA256′
encoded_sig, payload = cookie.split(‘.’, 2)
sig = urldecode64(encoded_sig)
expected_sig = OpenSSL::HMAC.digest(‘sha256′, settings.fb_app_secret, payload)
expected_sig == sig
end

]]> By: Shogo http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/#comment-281 Shogo Sat, 25 Aug 2012 08:06:00 +0000 /blogs/joshuaflanagan/archive/2010/11/16/validate-a-facebook-javascript-sdk-cookie-with-ruby.aspx#comment-281 for the mean time, Andrew from the #facebook chatroom on irc.freenode.net advised me to look at the PHP opensource code to see how they do it.  This code looks like a good place to start:  https://github.com/facebook/facebook-php-sdk/blob/master/src/base_facebook.php#L987 for the mean time, Andrew from the #facebook chatroom on irc.freenode.net advised me to look at the PHP opensource code to see how they do it.  This code looks like a good place to start:  https://github.com/facebook/facebook-php-sdk/blob/master/src/base_facebook.php#L987

]]> By: Shogo http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/#comment-280 Shogo Sat, 25 Aug 2012 06:20:00 +0000 /blogs/joshuaflanagan/archive/2010/11/16/validate-a-facebook-javascript-sdk-cookie-with-ruby.aspx#comment-280 Thanks for the warning Joshua.  Are you planning to move to one of the various 3rd party ruby sdks listed on:  https://developers.facebook.com/tools/third-party-sdks/#ruby I'm not sure if any of them satisfy:  1. Sinatra  2. Integration with the Facebook SDK for Javascript Thanks for the warning Joshua.  Are you planning to move to one of the various 3rd party ruby sdks listed on:  https://developers.facebook.com/tools/third-party-sdks/#ruby

I’m not sure if any of them satisfy:
 1. Sinatra
 2. Integration with the Facebook SDK for Javascript

]]> By: Anonymous http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/#comment-279 Anonymous Fri, 24 Aug 2012 13:11:00 +0000 /blogs/joshuaflanagan/archive/2010/11/16/validate-a-facebook-javascript-sdk-cookie-with-ruby.aspx#comment-279 This article is now out of date. I discovered the same problem recently. The cookie now comes through as "fbsr_#{@fb_app_id:disqus }", and I think it is intended to be used in a different way. See some discussion here: http://stackoverflow.com/questions/7206204/new-js-sdk-with-oauth-2-0-saving-subdomain-in-fbsr-cookie I will update this article with a warning. This article is now out of date. I discovered the same problem recently. The cookie now comes through as “fbsr_#{@fb_app_id:disqus }”, and I think it is intended to be used in a different way. See some discussion here: http://stackoverflow.com/questions/7206204/new-js-sdk-with-oauth-2-0-saving-subdomain-in-fbsr-cookie

I will update this article with a warning.

]]> By: Shogo http://lostechies.com/joshuaflanagan/2010/11/17/validate-a-facebook-javascript-sdk-cookie-with-ruby/#comment-278 Shogo Fri, 24 Aug 2012 09:24:00 +0000 /blogs/joshuaflanagan/archive/2010/11/16/validate-a-facebook-javascript-sdk-cookie-with-ruby.aspx#comment-278 cookie = request.cookies["fbs_#{@fb_app_id}"] on the sinatra server side, my cookie is nil. I am logged in with the javascript sdk with status and cookie set to true for FB.init i even hardcoded fbs_123456 #thats not my real app id of course. I found your article because 3rd party tools like fb_graph are not working with the javascript sdk (or I can't get it to work). cookie = request.cookies["fbs_#{@fb_app_id}"]
on the sinatra server side, my cookie is nil. I am logged in with the javascript sdk with status and cookie set to true for FB.init
i even hardcoded fbs_123456 #thats not my real app id of course.
I found your article because 3rd party tools like fb_graph are not working with the javascript sdk (or I can’t get it to work).

]]>