Home/ Questions/Q 6385461
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T02:54:09+00:00

So, we switched from Facebook Connect to the new Javascript SDK and OpenGraph when

  • 0

So, we switched from Facebook Connect to the new Javascript SDK and OpenGraph when it first came out.

Back in May, some of our customers got an email telling them that they might have security holes and might need to upgrade to Oauth 2.0. I looked at our new code compared with the docs for FB.login at the time and ended up with the impression that customers using our new stuff would be OK, so customers on the old Facebook Connect version of our product would have to upgrade to the latest version.

Today it came to my attention that the Javascript SDK was changed so that to use OAuth 2.0, code changes would need to be made after all. (i.e. this blog post, which was made over a month after that email went out), and that I’d need to upgrade by October 1st.

So, today I tried just setting my app’s “Oauth 2.0 Migration” flag to true and running it with our same code. It worked, which I didn’t expect. So my question is, do I need to make code changes outlined in the linked blog post or not? If the app works today with the “Oauth 2.0 Migration” checkbox checked, is that valid cause to assume that it will continue to work after October 1st?

Here’s my code:

// call to FBinit does not include oauth: true
FB.init({appId: opts.ApiKey, status: true, cookie: true, xfbml: true});

// call to login expects response.session on response. not response.authResponse. 
// Shame on Facebook for arbitrarily renaming that so I can't do a clean swap.
FB.login(function(response){
    if(response.session){
        var access_token = response.session.access_token;
        // blah blah blah
    }
});
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would change all the code over, also enabling O-2.0 and using old auth methods could break a session causing users not be able to log out through the application, or leaving session in the app when user logs out of Facebook.

    With new O-2.0 enabled and old auth disabled, i use the sample below, integrated with php-sdk 3.1.1 with out any error or issue.

          <div id="FBauth"></div>
      <div id="fb-root"></div>
<script>
      window.fbAsyncInit = function() {
        FB.init({
    appId  : '112104298812138',
    status : true, // check login status
    cookie : true, // enable cookies to allow the server to access the session
    xfbml  : true, // parse XFBML
    //channelUrl : 'http://WWW.MYDOMAIN.COM/channel.html', // channel.html file
    oauth  : true // enable OAuth 2.0
        });
FB.Canvas.EarlyFlush.addResource("http://shawnsspace.com/index.php");
FB.Canvas.setAutoResize();
            FB.getLoginStatus(function(response) {
              if (response.authResponse) {
                // logged in and connected user, someone you know
                var authbox = document.getElementById('FBauth');
                //authbox.innerHTML="Hey" +authResponse.name+ "";
                authbox.innerHTML="<fb:login-button autologoutlink='true'></fb:login-button><fb:login-button show-faces='true' width='250' max-rows='1'></fb:login-button>";
                FB.XFBML.parse(authbox);
                //var a = document.createElement('a');
                //alert();
              } else {
                // no user session available, someone you dont know
                var authbox = document.getElementById('FBauth');
                authbox.innerHTML="";
                var a = document.createElement('a');
                a.setAttribute("href","javascript:void();");
                a.setAttribute("onclick","FBlogin();");
                a.innerHTML="Please Login";
                authbox.appendChild(a);
                //alert('not logged in'+response+'');
//
        window.FBlogin = function(){
                FB.login(function(response) {
               if (response.authResponse) {
                 FB.api('/me', function(response) {
                 });

               } else {
               top.location.href = "http://apps.facebook.com/shawnsspace/";
                 // user cancealed login.
               }
             }, {scope: 'manage_pages'});
        };
//          
              }
            }); 

        FB.Event.subscribe('auth.login', function(response) {
        top.location.href = 'http://apps.facebook.com/shawnsspace/';
        });
        FB.Event.subscribe('auth.logout', function(response) {
        //top.location.href = "http://facebook.com/designbyshawn";
        });
      };
      (function() {
        var e = document.createElement('script'); e.async = true;
        e.src = document.location.protocol +
          '//connect.facebook.net/en_US/all.js';
        document.getElementById('fb-root').appendChild(e);
      }());
</script>
    • 0