Category Archives: Authentication

Facebook now has official document describing the AppSecret Proof

According to Facebook, You can reduce your exposure to malware and spammers by requiring server-to-server calls to Facebook’s API be signed with the appsecret_proof parameter. And in short, the app secret proof is a sha256 hash of your access token, … Continue reading

Posted in Authentication | Tagged | Leave a comment

Publish_actions requested in Facebook Authentication Dialog even when it is not specified

Take a look at this if you are going to implement Open-Graph actions in your existing Facebook apps. I get a Facebook application that requests only birthday and email permission from the user. ¬†Recently, I planned to added the “Read” … Continue reading

Posted in Authentication | Tagged , | Leave a comment

Be careful when handling the deprecation of Facebook Offline Access Permission

According to Facebook’s roadmap, offline_access permission will be removed on 2May, The offline_accesspermission is deprecated and will be removed July 5, 2012. Until then, you can turn this change on or off using the “Remove offline_access permission” migration. On May … Continue reading

Posted in Authentication, news | Tagged , | Leave a comment

Facebook OAuth 2.0 Authentication Flow – Incomplete Documentation

According to the Facebook Developer Roadmap, all Facebook apps must migrate to OAuth 2.0. If you are to start the migration, no matter you are using the PHP SDK v3.0 or not, I believe you will be reading the Facebook … Continue reading

Posted in Authentication, Development Tips | Tagged | Leave a comment

Official Facebook PHP SDK – not conforming to the latest platform standard?

The recent “authentication data” email that Facebook sent out should be related to the document Legacy Connect Auth. We recently announced that all apps and sites must migrate to our OAuth 2.0 authentication mechanism by September 1, 2011. We released … Continue reading

Posted in Authentication | Tagged , | 4 Comments

3rd Parties Obtaining Authentication Data from Facebook Application

This is a follow up article for Facebook announces security issue for applications built on it platform. In this article, let’s take a closer look at the issue. Right at the beginning of the mail, Facebook advises that Our automated … Continue reading

Posted in Authentication, news | Tagged , , | 3 Comments

Facebook annouces security issue for applications built on it platform

Many of the Facebook developers should have already mails from Facebook advising a possible security issue that 3rd parties may obtain authentication data from application built on top of the Facebook platform. Just in case you haven’t received one, below … Continue reading

Posted in Authentication, news | Tagged | 1 Comment

How-To: Handle expired access tokens

Regarding to the recent “Invalid Access Token”, many developers have been asking for proper way or sample code for handling “invalid access token”.¬† I think Facebook has listened to the public voices. Today, Facebook has published a new document “How-To: … Continue reading

Posted in Authentication, Development Tips | Tagged , , | Leave a comment