Invalid base64 in Facebook signed_request documentation example

Question

The documentation at https://developers.facebook.com/docs/authentication/signed_request/ provides an example of encoded data, which seems to be wrong.

<?php
    echo base64_decode("eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0");
    echo "\n";
    echo base64_encode('{"algorithm":"HMAC-SHA256","0":"payload"}');
    echo "\n";
?>

Gives the output:

{"algorithm":"HMAC-SHA256","0":"payload"}
eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0=

The argument to base64_decode is missing the = padding character. Using base64_encode on the same data shows that it was not created with PHP, or the PHP version used was bugged, or I don't know what. The same documentation page provides a signature that signs the missing = string.

Question: Is the omission of padding a bug in Facebook documentation, or should I expect these kinds of omissions in production code?

Other languages don't fail as "gracefully" as php does, and will actually not decode base64 data with missing padding signs - so this is somewhat important.

score 2 · Answer 1 · answered Jun 05 '12 at 02:12

2

My shop does stuff in C#, and we went for adding the padding ourselves.

Knowing Facebook, from years of developing on their platform ... well, let's just say that this little documentation hiccup doesn't surprise me at all.

answered Jun 05 '12 at 02:12

Owen Berry

401
3
2

Invalid base64 in Facebook signed_request documentation example

1 Answers1