
How can I create an appsecret_proof using Ruby for the Facebook Graph API?

Facebook has an example in PHP. I also saw an example in Ruby in this gist.

    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), <app_secret>, <user_access_token>)

However, I'm receiving an "Invalid appsecret_proof provided in the API argument" error.

It's unclear from the Facebook example what $app_access_token is. Is that the App ID?

How can I create the appsecret_proof in Ruby?

Updated code:

    secret = OpenSSL::HMAC.hexdigest('SHA256', ENV["FACEBOOK_SECRET_ID"], app_token)
    dct = {
      'access_token' => current_profile.oauth_token,
      'appsecret_proof' => secret,
      'fields' => "context.fields(all_mutual_friends)"
    }
    url = "https://graph.facebook.com/v2.5/" + friend.uid + "/"

    resp = HTTPClient.get(url, dct)

2 Answers


  1. This is code that I have that works:

      require 'openssl'

      # HMAC-SHA256 keyed with the app secret, computed over the access token
      hmac = OpenSSL::HMAC.new(FB_SECRET, OpenSSL::Digest::SHA256.new)
      hmac << access_token
      proof = hmac.hexdigest
      param_hash[:appsecret_proof] = proof
    

    Where FB_SECRET is the 32-digit (in my case) random string.

    In most cases access_token is the user's login authentication token (I assume current_profile.oauth_token in your case). This token must be associated with your app. If the API call is to be made with your app's credentials and not a user's credentials, you can use "#{FB_APP_ID}|#{FB_SECRET}" as your access token.

    cf. https://developers.facebook.com/docs/facebook-login/access-tokens

  2. I’ve found another way to generate the appsecret_proof for Facebook:

    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), <app_secret>, <user_access_token>)
    

    Excerpt taken from this gist thread

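An added example, not part of the original question or answers: the proof is an HMAC-SHA256 of the access token sent in the same request, keyed with the app secret, so a proof computed from a different token does not match. The sketch below derives the proof from the token being sent and includes a local check that reports which token a proof was computed from. All constants are constructed sample values, and `signed_params`, `secure_equal?` and `diagnose` are hypothetical helper names.

```ruby
require 'openssl'

# Constructed sample values (not real credentials).
APP_ID     = '1234567890'
APP_SECRET = '0123456789abcdef0123456789abcdef'
USER_TOKEN = 'EAAB-constructed-user-token'
APP_TOKEN  = "#{APP_ID}|#{APP_SECRET}" # app access token form from the first answer

# Hex HMAC-SHA256: key = app secret, message = the access token.
def appsecret_proof(app_secret, access_token)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), app_secret, access_token)
end

# Same digest via the incremental API used in the first answer.
def appsecret_proof_incremental(app_secret, access_token)
  hmac = OpenSSL::HMAC.new(app_secret, OpenSSL::Digest::SHA256.new)
  hmac << access_token
  hmac.hexdigest
end

# Derive the proof from the token being sent, so the two cannot drift apart.
def signed_params(app_secret, access_token, extra = {})
  extra.merge('access_token'    => access_token,
              'appsecret_proof' => appsecret_proof(app_secret, access_token))
end

# Constant-time comparison of two hex strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Local check before sending: which labelled token was the proof computed from?
# Returns :ok, a label for a mismatched token, or :unknown.
def diagnose(app_secret, params, known_tokens)
  sent = params['access_token'].to_s
  proof = params['appsecret_proof'].to_s
  return :ok if secure_equal?(proof, appsecret_proof(app_secret, sent))
  label, = known_tokens.find { |_, tok| secure_equal?(proof, appsecret_proof(app_secret, tok)) }
  label ? :"proof_from_#{label}" : :unknown
end

if __FILE__ == $PROGRAM_NAME
  bad = { 'access_token' => USER_TOKEN,
          'appsecret_proof' => appsecret_proof(APP_SECRET, APP_TOKEN) }
  known = { user_token: USER_TOKEN, app_token: APP_TOKEN }
  p diagnose(APP_SECRET, signed_params(APP_SECRET, USER_TOKEN), known)
  p diagnose(APP_SECRET, bad, known)
end
```

Keep the app secret on the server side only; the proof is meant to show that a request carrying the token comes from code that holds the secret.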