php - Facebook signed request doesn't return user ID -

i adding facebook login codeigniter app (i integrating fb canvas app) using code presented here. app isn't open public yet, testing own account (which has "administrator" role app on fb).

the problem is, not getting user id following code. in fact, i'm getting small portion of data should getting.

here relevant part of code (found in libraries/facebook.php on git page above):

public function getsignedrequest() {     if (!$this->signedrequest) {       if ($this->allowsignedrequest && !empty($_request['signed_request'])) {  //this condition true         $this->signedrequest = $this->parsesignedrequest(           $_request['signed_request']    //long random-looking string, 180 characters         );       } else if (!empty($_cookie[$this->getsignedrequestcookiename()])) {         $this->signedrequest = $this->parsesignedrequest(           $_cookie[$this->getsignedrequestcookiename()]);       }     }     return $this->signedrequest;   } 

the function above returns this:

array(3) { ["algorithm"]=> string(11) "hmac-sha256" ["issued_at"]=> int(1402224646) ["user"]=> array(3) { ["country"]=> string(2) "rs" ["locale"]=> string(5) "en_us" ["age"]=> array(1) { ["min"]=> int(21) } } }  

even though it's supposed return according docs:

{   "algorithm": "hmac-sha256",   "expires": 1317243600,   "issued_at": 1317239909,   "oauth_token": "<token>",   "page": {     "id": "<id>",     "liked": false,     "admin": true   },   "user": {     "country": "in",     "locale": "en_gb",     "age": {       "min": 21     }   },   "user_id": "<user-id>" } 

so stuff that's missing user_id, page, expires , oauth_token.

this parsesignedrequest function:

protected function parsesignedrequest($signed_request) {      if (!$signed_request || strpos($signed_request, '.') === false) {         self::errorlog('signed request invalid!');         return null;     }      list($encoded_sig, $payload) = explode('.', $signed_request, 2);      // decode data     $sig = self::base64urldecode($encoded_sig);     $data = json_decode(self::base64urldecode($payload), true);var_dump($data);      if (!isset($data['algorithm'])         || strtoupper($data['algorithm']) !==  self::signed_request_algorithm     ) {       self::errorlog(         'unknown algorithm. expected ' . self::signed_request_algorithm);       return null;     }      // check sig     $expected_sig = hash_hmac('sha256', $payload,                               $this->getappsecret(), $raw = true);      if (strlen($expected_sig) !== strlen($sig)) {       self::errorlog('bad signed json signature!');       return null;     }      $result = 0;     ($i = 0; $i < strlen($expected_sig); $i++) {       $result |= ord($expected_sig[$i]) ^ ord($sig[$i]);     }      if ($result == 0) {       return $data;     } else {       self::errorlog('bad signed json signature!');       return null;     }   } 

i exact same response whether try own account (administrator role) or friend's account (tester role). if try third account (no role @ all) facebook correctly says page isn't available (because app closed public).

can see problem?

obviously, there no page data on canvas app (because there no page).

about user-id: of course have implement user authorization, or not id. don´t see user authorization in code. without authorization, user anonymous. can implement authorization javascript or php, example. here resources:

• https://developers.facebook.com/docs/reference/javascript/fb.login/v2.0
• https://github.com/facebook/facebook-php-sdk-v4

keep in mind not real user id anymore, "app scoped id". see following facebook resources more information:

• https://developers.facebook.com/docs/apps/changelog
• https://developers.facebook.com/docs/apps/upgrading