Facebook signed_request validates but no data in decoded payload: C#

Folks, would really appreciate your help on this as maybe I'm just missing something really obvious. Basically, i'm trying to develop a Facebook canvas iframe app in C# ASP.NET that a business can install on a fan page and users can access via a tab.

Main Requirements: 1. Business clicks install which takes them to apps.facebook.com/myapp 2. I needs to check if I have record in database for that Facebook Profile 3. N: Display page where business enters a unique code. Save Profile Id and Code 4. Y: Display data from database related to that business.

The Issue: I've created app in Facebook and created an ASP.NET website with a single page. The app is running on my dev machine under I开发者_运维知识库IS. When I visit the app on Facebook, it hits my page. I retrieve and validate the signed_request with my API key. However, the decoded payload contains only the SHA256 parameter and no user, oauth, or profile data.

Is there something else I need to do or is my approach completely incorrect? Appreciate any guidance on this.

• Are you requiring user auth, doing the full handshake?

• Have you enabled the "OAuth 2.0 for Canvas (beta)" migration in your Facebook app? It's the last tab of your app config.

If the user visiting your iframe inside the canvas page has not authorized your app, the payload inside the signed_request will be something like this:

{ "algorithm":"HMAC-SHA256", "issued_at":1286824906 }

On the other hand, if your user has authorized your app, the payload inside the signed_request will be something like this:

{ "algorithm":"HMAC-SHA256", "expires":1286827200, "issued_at":1286821560, "oauth_token":"Some Token", "user_id":"Some ID" }

Because you're missing the user_id inside the payload, it sounds like the user has not yet authorized your app.