I'm working on a facebook tab app. I need to know when the user uninstall the tab app from their page so that I can update my database. While facebook documentation do not specify how that can be accomplished I read that facebook would ping your deauthorize callback url.
On facebook documentation, they say that they will ping the url with a post request sending a signed_request (http://ift.tt/2ax1EXf), but whenever I remove the tab app from a page facebook send a GET request to my callback url without any signed_request, which doesn't help me to know which page had the app uninstalled.
Access log from my apache server
The 302 redirect is happening because there is no signed request.
What should I do? I can't query all the pages on my database to find out which one had the tab uninstalled because it wouldn't scale, I would need the manage_pages permission and there is no way, without a signed request, to know that the request came from facebook.
Aucun commentaire:
Enregistrer un commentaire