Reviews by Jesus Altuve


WWW-Facebook-API (0.4.18) *****

Not just a review, but a comment for those thinking this Module is dead. You can STILL use it with facebook with no problems. You simply need to:

my $auth = eval {


desktop => 0,

server_uri => ' . $session->{access_token},

server_uri needs a modified version of restserver.php where you need to pass the access_token you obtain from the OAuth2 dance by parsing the signed_request.

Provided for reference.

sub parse_signed_request {
# ----------------------------------------------------

my ($expected_sig,$decoded_payload,$json,$sig,$encoded_sig,$payload,$data,$signed_request);

$signed_request = shift;

$json = JSON::XS->new->ascii->pretty->allow_nonref;

($encoded_sig, $payload) = split(/\./,$signed_request,2);

# Decode the data

$sig = urlsafe_b64decode($encoded_sig) if $encoded_sig;

$data = $json->decode(urlsafe_b64decode($payload)) if $payload;

if ($data->{algorithm} ne 'HMAC-SHA256') {

facebook_warnings("Unknown algorithm. Expected HMAC-SHA256");



# check sig

$expected_sig = hmac_sha256($payload, $SECRET);

if ($sig ne $expected_sig) {

facebook_warnings("Bad Signed JSON signature!");



$data->{encoded_sig} = $encoded_sig;

return $data;