Post-Authorize Callback URL
From Facebook Developer Wiki
The Post-Authorize Callback URL is briefly described in Creating Your First Application. This URL is pinged when a person authorizes your application. Facebook's servers will POST several fields back to this URL along with a signature.
POST Parameters
After a user authorizes your application, Facebook sends a number of POST parameters to your Post-Authorize Callback URL in the form of a POST request. The user authorizing your application will not be redirected to this URL (specify the post-authorize redirect URL in your application's settings to configure the redirect). Facebook's servers send this request in the background.
POST Parameters of Ping
The following fields are sent to your Post-Authorize URL in the form of a POST request. Facebook's servers send this request in the background.
| Type | Name | Description |
|---|---|---|
int
| fb_sig_authorize | Set to 1 to indicate the user is authorizing your application [Note: this variable was fb_sig_install] |
string
| fb_sig_time | A UNIX timestamp indicating when the user authorized (e.g. 1187756160.7131)
|
int
| fb_sig_user | The uid of the person who is authorizing your application (e.g. 609143784)
|
int
| fb_sig_profile_update_time | A UNIX timestamp for when the user last updated their profile. |
string
| fb_sig_session_key | The active session_key for the user who is authorizing the application.
|
int
| fb_sig_expires | The expiration time originally given to your application for the original session_key.
|
string
| fb_sig_api_key | The api_key of your application that is being installed.
|
string
| fb_sig_linked_account_ids | JSON-encoded array of linked account ids that were set with Connect.registerUsers. If you have previously registered a user's email address, and that user then accepts a Connect request for your application, then your ping will include the corresponding set of linked ids for that user. |
string
| fb_sig | This is the signature of the POST. Facebook uses the same signing process that your application uses to make requests to Facebook. With the exception that it truncates fb_sig_ from variable names when creating the signature.
|
For more explanation, also see Authorizing Applications.
