有一个facebook python SDK的修改版本，它支持OAuth 2.0和解析github上的fbsr_ cookie：

https://gist.github.com/1190267

你可以看看进入代码，看看如何解析cookie或只是让这个文件为你做的工作。

I'm trying to use the new fbsr_{{appID}} cookie.

I'm using the following functions to parse it, but when I try to get the access_token afterwards, I get 'error validating verification code' message. Is something wrong with these parsing functions? If not, what could be the problem?

more info: I managed to log users in without cookies using the oauth link which redirects back into my site with the code as a parameter, so it can't be the app id, app secret or the redirect_uri. Another reason is that these have different error messages.

def base64_url_decode(inp):
    padding_factor = (4 - len(inp) % 4) % 4
    inp += "="*padding_factor 
    return base64.b64decode(unicode(inp).translate(dict(zip(map(ord, u'-_'), u'+/'))))

def parse_signed_request(signed_request, secret):

    l = signed_request.split('.', 2)
    encoded_sig = l[0]
    payload = l[1]

    sig = base64_url_decode(encoded_sig)
    data = json.loads(base64_url_decode(payload))

    if data.get('algorithm').upper() != 'HMAC-SHA256':
        logging.error('Unknown algorithm')
        return None
    else:
        expected_sig = hmac.new(secret, msg=payload, digestmod=hashlib.sha256).digest()

    if sig != expected_sig:
        return None
    else:
        logging.debug('valid signed request received..')
        return data

args = {}
args['client_id'] = fbapp_id
args['redirect_uri'] = site_url 
args['client_secret'] = fbapp_secret
args['code'] = code
response = urllib.urlopen('https://graph.facebook.com/oauth/access_token?'+urllib.urlencode(args))
# ... here i'm getting the error back from the server: error validating verification code...

There is a modified version of the facebook python SDK which supports OAuth 2.0 and parsing of the fbsr_ cookie on github here:

https://gist.github.com/1190267

You can look into the code to see how to parse the cookie or just let that file do the work for you.