Facebook changed their API on the 11th of March, 2011. The main feature is allowing you to create applications using iFrames instead of FBML -- which is great! The problem is that I spent half a day on something that should only take 10 minutes; that is, figuring out what you need to do in order to integrate your custom PHP code with Facebook.
Here's a comprehensive list of the steps you need to take. I assume you already have a simple PHP page, ready to be included in Facebook's iFrame. You should start by reading the Facebook Application Developer page. The following is a step-by-step list that has a few gotchas that are not included in that guide.
- If you haven't already done so, go to http://www.facebook.com/developers and click on "Set up New App". You will probably be prompted to allow access to your Facebook data by the Developer app.
- You need to fill in the application details. These are mostly self-explanatory; you just need to remember that most are optional. In case you want to allow HTTPS access to your application (apparently some people use it to browse Facebook), you need to have a valid SSL certificate. Otherwise, instead of your app, your users will only see the "Invalid certificate" error.
- The documentation only mentions the signed_request parameter in the context of authorization; however, you do get a few pieces of information without asking for permission:
  - You will receive a POST argument, signed_request.
  - This is a composite string: an HMAC-SHA256 signature, a period ('.') and a base64url-encoded, JSON-serialized array (not a simple base64url-encoded string, as mentioned in the docs).
  - Facebook provides documentation on the structure, as well as functions to parse it here
  - The only useful information you have at this moment about your visitor is the user ID, and a flag about whether he has liked your application.
- To get more information about the user, he must allow access to his data. This is covered well enough in the Facebook Application Developer page.
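
The signed_request handling described above, as an added example that is not code from the original post or from Facebook: it splits the string, checks the HMAC-SHA256 signature before trusting the payload, then decodes the JSON. The function names, the secret and the sample payload are constructed for illustration; the key is assumed to be your application secret and the signature part is assumed to be base64url-encoded like the payload.

```php
<?php
// Added example; function names, secret and payload are constructed.
function base64url_decode_strict(string $data)
{
    // base64url swaps '+/' for '-_' and drops the '=' padding.
    $b64 = strtr($data, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    return base64_decode($b64, true); // false on invalid input
}

function parse_signed_request(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest);
    if (count($parts) !== 2) {
        return null; // expected exactly: signature '.' payload
    }
    [$encodedSig, $encodedPayload] = $parts;
    $sig = base64url_decode_strict($encodedSig);
    if ($sig === false) {
        return null;
    }
    // The MAC covers the encoded payload string, so authenticate it
    // before decoding or trusting anything inside it.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $json = base64url_decode_strict($encodedPayload);
    $data = ($json === false) ? null : json_decode($json, true);
    $alg  = is_array($data) ? ($data['algorithm'] ?? null) : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null; // refuse payloads that declare another algorithm
    }
    return $data;
}

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Constructed sample: one genuine request, one signed with a different key.
$secret  = 'constructed-app-secret';
$payload = b64url(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1000001']));
$good    = b64url(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
$forged  = b64url(hash_hmac('sha256', $payload, 'guessed-secret', true)) . '.' . $payload;

var_dump(parse_signed_request($good, $secret));   // genuine request
var_dump(parse_signed_request($forged, $secret)); // signed with another key
```

In the iFrame page itself you would pass `$_POST['signed_request']` as the first argument and treat a `null` result as an unauthenticated request.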