Spring Social Facebook
  1. Spring Social Facebook
  2. SOCIALFB-23

Extend FacebookWebArgumentResolver with signed_request

    Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: 1.0.0.RC3
    • Fix Version/s: 1.1.0.M1
    • Component/s: Web
    • Labels:
      None

      Description

      As I had experienced in the past, relying just on the Facebook cookie is not enough. There are browsers out there in the wild which forbid to set and read cookies when the domain in the iframe differs from the parent frame. Namely Safari is such a browser. In that case it was safe to rely on the signed_request parameter to find out who the current facebook user is.

        Activity

        Hide
        Stephan Hochdoerfer added a comment -

        According to the latest Developer Update[1] fb_sig will be discarded at 1st of October and Apps have to reply on the signed_request.

        [1] http://developers.facebook.com/blog/post/555/

        Show
        Stephan Hochdoerfer added a comment - According to the latest Developer Update [1] fb_sig will be discarded at 1st of October and Apps have to reply on the signed_request. [1] http://developers.facebook.com/blog/post/555/
        Hide
        Craig Walls added a comment - - edited

        As part of the work for SOCIALFB-69, I created a SignedRequestDecoder in the Spring Social Facebook web module. SignedRequestDecoder will no doubt be useful when resolving this issue.

        Show
        Craig Walls added a comment - - edited As part of the work for SOCIALFB-69 , I created a SignedRequestDecoder in the Spring Social Facebook web module. SignedRequestDecoder will no doubt be useful when resolving this issue.
        Hide
        Craig Walls added a comment -

        I have added a @SignedRequest annotation and a corresponding web argument resolver (SignedRequestArgumentResolver) for injecting the payload of a signed_request into a Spring MVC controller handler method.

        @SignedRequest-annotated method arguments will be bound with the payload of the signed_request parameter. The type of the request can be a Map or a JavaBean. For example:

        public void someHandlerMethod(@SignedRequest SomeCustomType signedRequest) { ... }
        

        or

        public void someHandlerMethod(@SignedRequest Map<String, Object> signedRequest) { ... }
        

        I still have further testing to perform, but I've gone ahead and created a snapshot build of the Spring Social Facebook web module with it in place to allow for anyone who is interested to try it out and provide feedback.

        Show
        Craig Walls added a comment - I have added a @SignedRequest annotation and a corresponding web argument resolver (SignedRequestArgumentResolver) for injecting the payload of a signed_request into a Spring MVC controller handler method. @SignedRequest-annotated method arguments will be bound with the payload of the signed_request parameter. The type of the request can be a Map or a JavaBean. For example: public void someHandlerMethod(@SignedRequest SomeCustomType signedRequest) { ... } or public void someHandlerMethod(@SignedRequest Map< String , Object > signedRequest) { ... } I still have further testing to perform, but I've gone ahead and created a snapshot build of the Spring Social Facebook web module with it in place to allow for anyone who is interested to try it out and provide feedback.

          People

          • Assignee:
            Craig Walls
            Reporter:
            Stephan Hochdoerfer
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: