Category Archives: Authentication

Facebook now has official document describing the AppSecret Proof

According to Facebook, You can reduce your exposure to malware and spammers by requiring server-to-server calls to Facebook’s API be signed with the appsecret_proof parameter. And in short, the app secret proof is a sha256 hash of your access token, … Continue reading

Posted in Authentication | Tagged | Leave a comment

With offline_access Deprecation Enabled, Still Receiving 2 hour tokens from Server Side OAuth Call

Hopefully we should all know that while we have still having the offline_access permission available, the access token that we obtained normally is a short-lived one. Wit offline_access deprecated, by default (as according to Facebook’s documentation), we should have received a … Continue reading

Posted in Authentication | Tagged | 1 Comment

Publish_actions requested in Facebook Authentication Dialog even when it is not specified

Take a look at this if you are going to implement Open-Graph actions in your existing Facebook apps. I get a Facebook application that requests only birthday and email permission from the user.  Recently, I planned to added the “Read” Open-Graph action … Continue reading

Posted in Authentication | Tagged , | Leave a comment

Be careful when handling the deprecation of Facebook Offline Access Permission

According to Facebook’s roadmap, offline_access permission will be removed on 2May, The offline_accesspermission is deprecated and will be removed July 5, 2012. Until then, you can turn this change on or off using the “Remove offline_access permission” migration. On May … Continue reading

Posted in Authentication, news | Tagged , | Leave a comment

Facebook is going to removing non-OAuth endpoints for canvas app and page tab

1st October 2011 past already….. and hopefully, the OAuth 2.0 and SSL migration item should have been handled by Facebook developers already (at least for their most important apps). To move a step further, Facebook announced today that they are … Continue reading

Posted in Authentication, news | Tagged , | Leave a comment

Facebook OAuth 2.0 Authentication Flow – Error in Documentation

According to the Facebook Developer Roadmap, all Facebook apps must migrate to OAuth 2.0. If you are to start the migration, no matter you are using the PHP SDK v3.0 or not, I believe you will be reading the Facebook … Continue reading

Posted in Authentication, Development Tips | Tagged | Leave a comment

Official Facebook PHP SDK – not conforming to the latest platform standard?

The recent “authentication data” email that Facebook sent out should be related to the document Legacy Connect Auth. We recently announced that all apps and sites must migrate to our OAuth 2.0 authentication mechanism by September 1, 2011. We released … Continue reading

Posted in Authentication | Tagged , | Leave a comment

3rd Parties Obtaining Authentication Data from Facebook Application

This is a follow up article for Facebook announces security issue for applications built on it platform. In this article, let’s take a closer look at the issue. Right at the beginning of the mail, Facebook advises that Our automated … Continue reading

Posted in Authentication, news | Leave a comment