Facebook Authorization (Client Side) with JavaServerPages (JSP) and JavaScript, get the JSON Object and encoded Signature

Hi,

I found some instructions when I was looking for a code snippet which authorises a facebook app with JSP.

Here is my solution in JSP.

Start with importing the right libs:

page import="java.util.*" 
page import="java.net.*";
page import="org.json.simple.*";
page import="org.apache.commons.codec.binary.*";

Go to https://developers.facebook.com/apps, select your app and see information you now need.

After that go ahead with declaration of the variables. Replace the String variables with the right content:

String encodedSignature;
String fbSecretKey = "***********";
String appID = "APPID";
String canvasURL = "CANVASURL";
String scope = "email";
String appUrl = "APPURL";
String redirectURL = "http://www.facebook.com/dialog/oauth?client_id="+appID+"&redirect_uri="+canvasURL+"&scope="+scope;

Now it’s getting more interesting…
Get the signed request parameter.

The signed request is send via POST to your app if it is loaded within the canvas page. In words verify if it is null:

if(request.getParameter("signed_request") != null){ 
//...the following coding here
}else{
response.sendRedirect(redirectURL);
}

Now that we know the signed request isn’t null we can get the information out of it. This parameter is a string which consists of HMAC SHA-256 signature and a base64url encoded JSON object seperated by a “.”.

Base64 base64 = new Base64(true);
String[] signed_request request.getParameter("signed_request").split("\\.", 2);

Ok we splitted the string and are able to get the signature.

encodedSignature = new String(base64.decode(signed_request[0].getBytes("UTF-8")));
payload = new String(base64.decode(signed_request[1].getBytes("UTF-8")));
JSONObject data = (JSONObject)JSONValue.parse(payload);

Ok here we go, you have the JSON Object and the encoded Signature! You are free to get the data out of the JSON Object and check the integrity of the response with the encoded Signature…

Der Beitrag Facebook Authorization (Client Side) with JavaServerPages (JSP) and JavaScript, get the JSON Object and encoded Signature erschien zuerst auf Duckout.