Facebook is going to removing non-OAuth endpoints for canvas app and page tab

1st October 2011 past already….. and hopefully, the OAuth 2.0 and SSL migration item should have been handled by Facebook developers already (at least for their most important apps).

To move a step further, Facebook announced today that they are auto-enabling two migrations in the Dev App: signed_request for Canvas and Encrypted Access Token.

  • If your apps do not have code with depends on fb_sig, then you should be safe when the “signed_request for Canvas” is enabled
  • And if you have not been trying to “decode” the access token (such as trying to get the user ID from it), then enabling the “encrypted access token” should have no impact to you.

More important that the above is that, althought the old / not migrated apps may continue to work at the moment, they will break when Facebook remove the non-OAuth endpoints.

  • On October 11th, apps using the old JavaScript Library (FeatureLoader.js) or the old iPhone SDK (facebook-iphone-sdk) for authentication will no longer be able to authenticate users until these apps switch to OAuth 2.0.
  • For the endpoints supporting the old PHP SDK (versions prior to v.3.1.1) and non-OAuth authentication in the current JavaScript SDK, the date for removing the endpoints has not been fixed yet.

So, just in case you are still in the progress of converting your apps, you still have time.


This entry was posted in news and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *