Post-Authorize Callback URL
From Facebook Developer Wiki
The Post-Authorize Callback URL is briefly described in Creating Your First Application. This URL is pinged when a person authorizes your application. Facebook's servers will POST several fields back to this URL along with a signature.
[edit] POST Parameters
After a user authorizes your application, Facebook sends a number of POST parameters to your Post-Authorize Callback URL in the form of a POST request. The user authorizing your application will not be redirected to this URL (specify the post-authorize redirect URL in your application's settings to configure the redirect). Facebook's servers send this request in the background.
[edit] POST Parameters of Ping
The following fields are sent to your Post-Authorize URL in the form of a POST request. Facebook's servers send this request in the background.
| Type | Name | Description |
|---|---|---|
int
| fb_sig_authorize | Set to 1 to indicate the user is authorizing your application [Note: this variable was fb_sig_install] |
string
| fb_sig_time | A UNIX timestamp indicating when the user authorized (e.g. 1187756160.7131)
|
int
| fb_sig_user | The uid of the person who is authorizing your application (e.g. 609143784)
|
int
| fb_sig_profile_update_time | A UNIX timestamp for when the user last updated their profile. |
string
| fb_sig_session_key | The active session_key for the user who is authorizing the application.
|
int
| fb_sig_expires | The expiration time originally given to your application for the original session_key.
|
string
| fb_sig_api_key | The api_key of your application that is being installed.
|
string
| fb_sig_linked_account_ids | JSON-encoded array of linked account ids that were set with Connect.registerUsers. If you have previously registered a user's email address, and that user then accepts a Connect request for your application, then your ping will include the corresponding set of linked ids for that user. |
string
| fb_sig | This is the signature of the POST. Facebook uses the same signing process that your application uses to make requests to Facebook. With the exception that it truncates fb_sig_ from variable names when creating the signature.
|
For more explanation, also see Authorizing Applications.
