If you are using the new, alpha version of the Facebook Connect JavaScript SDK, you have no doubt scratched your head over how to verify the session signature. The biggest problem is that the documentation on validating the signature is completely wrong for the new open-source JavaScript API.

The methodology described in the documentation is still correct, but there is a new parameter, base_domain, that throws people for a loop. A number of the parameters have also changed names. Here are the parameters, which you can retrieve from the cookie fbs_[your API key] if you set the cookie option to true in your call to FB.init, or from the object returned by a call to FB.getSession():

base_domain=somedomain.com
expires=1221157773
secret=HUvxPvYA_7Hvt2gZ3ndw_T__
session_key=2.s_eeketB6Ed9m5qgz64hYw__.3600.1238553600-327212630
uid=2901279

Concatenate all of the above, append your application secret (which you can retrieve from http://www.facebook.com/developers), and take the MD5 of the string. The result should match the sig parameter. (Note that the values of the parameters above are made up but should resemble your values.)
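One way to run this check server-side in Node.js, as an added example that is not code from the original post or from Facebook. It assumes the cookie value is a URL-encoded query string (optionally wrapped in double quotes), that the key=value pairs are joined in key order with no separator, and that expires is a Unix timestamp; the function names and the placeholder secret are hypothetical.

```javascript
const crypto = require("crypto");

// Assumption: the cookie value is a URL-encoded query string, optionally
// wrapped in double quotes. URLSearchParams URL-decodes each value.
function parseSessionCookie(raw) {
  const session = Object.create(null); // no prototype keys to collide with
  for (const [k, v] of new URLSearchParams(raw.replace(/^"|"$/g, ""))) {
    session[k] = v;
  }
  return session;
}

// MD5 over every key=value pair except sig (sorted by key, no separator,
// which is an assumption) followed by the application secret.
function expectedSig(session, appSecret) {
  const payload = Object.keys(session)
    .filter((k) => k !== "sig")
    .sort()
    .map((k) => `${k}=${session[k]}`)
    .join("");
  return crypto.createHash("md5").update(payload + appSecret, "utf8").digest("hex");
}

// Returns the parsed session when the signature matches and the session has
// not expired, otherwise null. Never trust uid before this check passes.
function verifySession(raw, appSecret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const session = parseSessionCookie(raw);
  if (typeof session.sig !== "string" || !/^[0-9a-f]{32}$/i.test(session.sig)) return null;
  const got = Buffer.from(session.sig.toLowerCase(), "hex");
  const want = Buffer.from(expectedSig(session, appSecret), "hex");
  if (!crypto.timingSafeEqual(got, want)) return null; // constant-time compare
  if (!(Number(session.expires) > nowSeconds)) return null; // missing or past
  return session;
}

// Constructed sample: the made-up values from the post, signed here with a
// placeholder secret so the example runs offline.
const APP_SECRET = "APP_SECRET_PLACEHOLDER";
const fields =
  "base_domain=somedomain.com&expires=1221157773&secret=HUvxPvYA_7Hvt2gZ3ndw_T__" +
  "&session_key=2.s_eeketB6Ed9m5qgz64hYw__.3600.1238553600-327212630&uid=2901279";
const sample = `"${fields}&sig=${expectedSig(parseSessionCookie(fields), APP_SECRET)}"`;
console.log("valid cookie accepted:", verifySession(sample, APP_SECRET, 1221150000) !== null);
console.log("tampered uid accepted:",
  verifySession(sample.replace("uid=2901279", "uid=1"), APP_SECRET, 1221150000) !== null);
```

The application secret stays on the server; the check belongs in server-side code, not in the page's JavaScript.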

  7 Responses to “The New Facebook Open Source Javascript API – Verifying the Signature”

  1. I’ve tried to follow your instructions but it didn’t work, but Facebook Connect Authentication for ASP.NET (http://fbconnectauth.codeplex.com/releases/view/45294) has released a new version which supports the new Facebook Graph API signature verification!!

  2. I’ve tried, and it doesn’t work
    What’s the problem?????????????????????????????????
    thanks

  3. This same basic approach works with the current cookie setup (as of 12/8/2010) but you need to uri unencode the param values (there’s pipes in the “access_token”).

  4. Add also the access_token parameter. It should work

© 2013 rootsmith blog Suffusion theme by Sayontan Sinha