I am creating an application that will allow people to publish content on our website and have it simultaneously appear in their Facebook timeline. From my understanding of the OpenGraph API, I need to create a publicly available page with metadata that Facebook can access in order for the publish action to work. For example:
```html
<head>
<meta property="fb:app_id" content="" />
<meta property="og:type" content="" />
<meta property="og:title" content="" />
<meta property="og:image" content="" />
<meta property="og:url" content="" />
<meta property="og:description" content="" />
</head>
```
My concern is that if this page is available to Facebook, then people who are not logged into our website will be able to see this content as well. Is this a common security concern? What best practices are recommended to make your users’ content secure from unauthorized users?
It depends on what you want to share.
If you just want to share text or a photo that you’ve uploaded to a user’s album, you can create a post or photo using the Graph API.
Otherwise, you need to restrict the visibility of shared pages with rules on your server. The shared page needs to be visible to the Facebook scraper (See this SO post for details), but require authentication for other users and search engines.
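The server-side rule described in the answer above can be sketched as follows. This is an added example, not part of the original answer, and it goes one step further than the answer by also checking the source IP, since a User-Agent header can be set by any client. The function names, view names, `/login` path and CIDR ranges are assumptions made for illustration; the ranges are documentation placeholders, not Facebook's networks.

```python
import ipaddress

# Placeholder ranges (RFC 5737 / RFC 3849 documentation blocks), NOT Facebook's
# real networks. In production, load the ranges Facebook publishes for its crawler.
CRAWLER_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]
# Tokens the Facebook crawler uses in its User-Agent header.
CRAWLER_UA_TOKENS = ("facebookexternalhit", "facebot")


def is_facebook_crawler(user_agent, remote_ip):
    """True only if the UA claims to be the crawler AND the source IP is allowlisted.

    remote_ip must be the socket peer address (or a value set by a trusted
    reverse proxy), never a client-supplied header such as X-Forwarded-For.
    """
    ua = (user_agent or "").lower()
    if not any(token in ua for token in CRAWLER_UA_TOKENS):
        return False
    try:
        ip = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # malformed address: treat as untrusted
    return any(ip in net for net in CRAWLER_NETS)


def decide(user_agent, remote_ip, session_user, allowed_users):
    """Return (status, view, headers) for a request to a shared page."""
    if session_user is not None:
        # Logged-in users go through the normal authorization check.
        if session_user in allowed_users:
            return 200, "full", {}
        return 403, "denied", {}
    if is_facebook_crawler(user_agent, remote_ip):
        # The crawler gets only the og: tags that will appear on the timeline
        # anyway, and the response is marked as non-indexable.
        return 200, "og_meta_only", {"X-Robots-Tag": "noindex, noarchive"}
    # Everyone else, including search engines and spoofed user agents.
    return 302, "login", {"Location": "/login"}
```

Serving the crawler a metadata-only view limits exposure to what the user chose to publish on Facebook, even if the allowlist is ever bypassed.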