I understood from Facebook s tutorial that someone clicks on your Facebook app and is brought to your app page: http://apps.facebook.com/example_app
Then Facebook opens an iframe with your canvas URL and does a POST with the signed_request parameter. That parameter has all the info you need, check it if the user has accepted your application. If not, redirect to the OAuth 2 flow. If they have, then the signed_request will contain their user_id.
Unfortunately, I m not passed any signed_request parameter when I click on my facebook app! This is what I m passed in the POST request body:
fb_sig_in_iframe=1&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=1316465522.5989&fb_sig_added=1&fb_sig_profile_update_time=1280164553&fb_sig_expires=1316469600&fb_sig_user=111111111&fb_sig_session_key=&fb_sig_ss=222222222222222&fb_sig_cookie_sig=333333333333&fb_sig_ext_perms=email&fb_sig_country=us&fb_sig_api_key=44444444444444&fb_sig_app_id=555555555555&fb_sig=66666666666
Is it the above or signed_request? I m confused... how can I get the access_token of the user and his user_id?