I am creating a Facebook application that will integrate into a mobile version of a site. My question is – are the Canvas URL and Post-Authorize URL’s publicly visible? Will the user ever see these URLs or are they just for Facebook to my app’s authentication purposes?
The reason is that the mobile app is run through a mobile application that uses a webview and I do not wish to advertise this URL publicly. I am aware of the Android/iPhone SDK’s, but am looking for the answers to the above questions.
Facebook uses those URLs for security, and there is zero attempt to “hide” them (because it isn’t possible to do so). It’s up to your app to decide what happens when the user is on one of those URLs.