mod_auth_opensocial is an Apache module that verifies a signed request generated by OpenSocial's makeRequest function. mod_auth_opensocial supports Apache 2.0, 2.2.

When a signed request is received, mod_auth_opensocial verifies the signature. If the signature is verified, mod_auth_opensocial passes the request to the backend. Otherwise, it denies the request and returns a HTTP status code with 400(Bad Request) or 401(Unauthorized).

Thus, the backend can simply serve what is requested such as dynamic pages or even static HTML pages without verification again. In other words, the backend doesn't even need to know the request is whether signed or not.

NOTE: The name of this module implies authentication but actually what it does is verification.

If you are not familiar with Signed Request, please refer to Introduction To Signed Requests.