Finding lots of mixed answers on this from Google - but mostly 2-3 years out of date.
I'm building an iframe app to sign on a FB Page.
WIthin the app we have a voting mechanism that ideally we'd like to restrict users to one vote on each piece of content. Rather than forcing registration we were just going to log the vote against the users unique FB ID...
I've hit two issues that hopefully someone can advise on:
1) Sometimes the signed_request variable passed to the app doesn't contain the user_id at all - seemingly just blank... This has only happened half a dozen times, but often enough to have me worrying...
2) When a page admin is logged in it seems to report the Page ID instead of the User ID - again be good to understand if this is standard behaviour...
Anyone attempted something similar?
Facebook only sends over the user id if they have authed the app, period. Facebook doesn't not give identifiable information to third party apps unless the user has approved it. If they are sending it over, the user has approved the app, or Facebook has a bug.