What's New on the Facebook Platform, May 2011
 


Slides from a spin through new stuff on the Facebook Platform for May 2011

  • How many developers here? How many clients or agencies?

Presentation Transcript

  • What’s New on The Facebook Platform
    • Iskandar Najmuddin
    • 18th May 2011
    • Facebook Developer Garage London
    • WHOA
    • MY TOKEN IS LEAKING
    • The Problem
    • Access token referrer leakage with the old Auth flow:
    • 3rd-party sites getting user access_tokens via HTTP_REFERER
    • The Solution
    • OAuth 2.0 (deadline September 1st)
    • HTTPS (deadline October 1st)
    • Huh? Start here: https://developers.facebook.com/docs/authentication/
    • The Workaround
    • Legacy Auth: interstitial page
    • The Help
    • Updated PHP & JS SDKs coming July 1st
    • The Great HTTPS & OAuth 2.0 Requirement of 2011
    • KNOW THE FLOW
    • AKA authentication code flow in the OAuth draft spec.
    • 1. You redirect user to FB OAuth dialog (with scope & redirect):
    • https://www.facebook.com/dialog/oauth?
    • client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream&
    • state=YOUR_ANTI_CSRF_TOKEN
    • 2. After auth, FB redirects user to you with an auth code (or error details):
    • http://YOUR_URL?code=A_CODE_GENERATED_BY_FB&state=YOUR_ANTI_CSRF_TOKEN
    • 3. You redeem code for an access_token:
    • https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=A_CODE_GENERATED_BY_FB_AS_ABOVE
    • Notice how the access_token never surfaces in the browser? #Winning!
    • OAuth 2.0 – Server Side Flow
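The three server-side steps above, with the `state` value actually generated and checked, as an added example that is not from the slides. The `session` object, the function names and the `app.example` URLs used with them are assumptions; the two Facebook endpoints and the parameter names are the ones shown on the slide, and `error` is the standard OAuth 2.0 error parameter.

```javascript
// Added example (not from the slides): server-side flow with a verified `state`.
const nodeCrypto = require('node:crypto');

const DIALOG_URL = 'https://www.facebook.com/dialog/oauth';          // from the slide
const TOKEN_URL = 'https://graph.facebook.com/oauth/access_token';   // from the slide

// Step 1: mint a one-time anti-CSRF value, keep it in the user's server-side
// session (hypothetical plain object here), and build the dialog URL.
function buildDialogUrl(session, appId, redirectUri, scope) {
  session.oauthState = nodeCrypto.randomBytes(16).toString('hex');
  const qs = new URLSearchParams({
    client_id: appId,
    redirect_uri: redirectUri,
    scope: scope.join(','),
    state: session.oauthState,
  });
  return `${DIALOG_URL}?${qs}`;
}

// Compare in constant time; anything that is not a string fails.
function sameState(expected, received) {
  if (typeof expected !== 'string' || typeof received !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Steps 2 and 3: validate the callback, then return the URL the server
// (never the browser) fetches over HTTPS to redeem the code.
function handleCallback(session, callbackUrl, appId, appSecret, redirectUri) {
  const params = new URL(callbackUrl).searchParams;
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback must fail
  if (!sameState(expected, params.get('state'))) return { ok: false, reason: 'state_mismatch' };
  if (params.has('error')) return { ok: false, reason: params.get('error') };
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code' };
  const qs = new URLSearchParams({
    client_id: appId, redirect_uri: redirectUri, client_secret: appSecret, code,
  });
  return { ok: true, redeemUrl: `${TOKEN_URL}?${qs}` };
}
```

The state check runs before anything else in the callback, so a request that did not start from this user's own session is rejected without touching the code or the app secret.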
    • FLOW ME DOWN
    • 1. You redirect user to FB OAuth dialog with response_type=token:
    • https://www.facebook.com/dialog/oauth?
    • client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream&
    • response_type=token
    • 2. After auth, FB redirects user to you with an access_token in the URL fragment:
    • http://YOUR_URL#access_token=ACCESS_TOKEN
    • 3. Use your access_token in the browser:
    • var params = new URLSearchParams(window.location.hash.substring(1));
    • var accessToken = params.get('access_token'); // the fragment is "access_token=...", not the bare token
    • // Do stuff with accessToken
    • The URL fragment won’t appear to your web server in any CGI vars. #Winning!
    • OAuth 2.0 – Client Side Flow
    • HOW FLOW CAN YOU GO?
    • What’s “Legacy”?
    • If you redirect to https://www.facebook.com/login.php?blah
    • Anyone get a “48-hour” email from FB?
    • The Workaround
    • You supply the interstitial page as the redirect_uri
      • No 3rd-party content allowed on this page!
    • Post-auth, FB redirects user to interstitial page
      • You store FB session data and then…
    • You redirect user to your normal landing page
      • After stripping out any FB-related query vars
    • More detail: https://developers.facebook.com/docs/authentication/connect_auth/
    • Legacy Flow Workaround
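One way to implement the interstitial step described above, as an added example that is not from the slides. The list of Facebook-related query variable names, the function name and the `app.example` URLs are assumptions (the slides do not name the variables); the `Referrer-Policy` header is a later browser feature added here as a second layer.

```javascript
// Added example (not from the slides): interstitial handler for the legacy workaround.
// ASSUMPTION: these are the query vars that carry Facebook session material.
const FB_QUERY_VARS = ['session', 'auth_token', 'access_token', 'code', 'state'];

// requestUrl:  the full URL Facebook redirected the user to (the interstitial).
// landingPath: the app's normal landing page, given as a same-origin path.
function handleInterstitial(requestUrl, landingPath) {
  const incoming = new URL(requestUrl);

  // Pull the Facebook values out of the URL so they can be stored server-side.
  const captured = {};
  for (const name of FB_QUERY_VARS) {
    if (incoming.searchParams.has(name)) {
      captured[name] = incoming.searchParams.get(name);
      incoming.searchParams.delete(name);
    }
  }

  // Resolve the landing page against our own origin and refuse anything else,
  // so the interstitial cannot be turned into an off-site redirect.
  const target = new URL(landingPath, incoming.origin);
  if (target.origin !== incoming.origin) {
    throw new Error('landing page must be same-origin');
  }

  // Carry over only the remaining, non-Facebook query vars.
  for (const [key, value] of incoming.searchParams) {
    target.searchParams.append(key, value);
  }

  return {
    store: captured, // persist in the user's session before redirecting
    status: 302,
    headers: {
      Location: target.toString(),
      'Cache-Control': 'no-store',
      'Referrer-Policy': 'no-referrer',
    },
  };
}
```

Because the response is a bare redirect with no page body, there is no third-party content on it to receive the token-bearing URL in a Referer header.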
    • VIDEO UPLOAD
    • Post to https://graph-video.facebook.com/me/videos
      • Not graph.facebook.com , mkay?
      • Form enctype must be multipart/form-data
      • Data expected in file var
    • Doesn’t work for Pages… yet.
    • PHP example
    • // $access_token is expected to already hold the full "access_token=..." pair
    • $post_url = "https://graph-video.facebook.com/me/videos?"
    •    . "title=" . urlencode($video_title) . "&description=" . urlencode($video_desc)
    •    . "&" . $access_token;
    • echo '<form enctype="multipart/form-data" action="' . htmlspecialchars($post_url) . '" method="POST">';
    • echo 'Please choose a file:';
    • echo '<input name="file" type="file">';
    • echo '<input type="submit" value="Upload" />';
    • echo '</form>';
    • Upload Video via Graph API
    • TO THE BATCH-CAVE
    • Post to graph.facebook.com for Batch Requests
    • Batch calls might look like this:
    • [
    • { "method": "POST", "relative_url": "me/photos", "body": "message=My cat photo", "attached_files": "file1" },
    • { "method": "POST", "relative_url": "me/photos", "body": "message=My dog photo", "attached_files": "file2" }
    • ]
      • Where file1 and file2 are multipart/mime property names
    • Remember, max 20 batch calls per request
    • Batch Photo Uploads
    • TO THE BATCH-CAVE
    • cURL FTW
    • $ curl -F "access_token=$TOKEN" \
    •      -F 'batch=[{"method":"POST", "relative_url":"me/photos",
    •                 "body":"message=FDGL Logo", "attached_files":"logo"},
    •                 {"method":"POST", "relative_url":"me/photos",
    •                 "body":"message=Gadfly Column", "attached_files":"clipping"}]' \
    •      -F 'logo=@fdgl-logo.jpg' -F 'clipping=@fdgl-clipping.jpg' \
    •     https://graph.facebook.com
    • Batch Photo Upload Example
    • Result
    • JSON response with FB photo IDs
    • New Album created
    • “Pending” because publish_stream permission not granted
    • DARLING, YOU SEND ME
    • A new Social Plugin
    • “Because Sometimes It’s Private” 1
    • XFBML & JS SDK required
    • Has API access for stats
      • views, clicks, inbox_views, inbox_clicks
    • JS event ‘message.send’ for FB.Event.subscribe
    • Get your OG Metadata right!
    • Add to Like Button
    • <div id="fb-root"></div> <script src="http://connect.facebook.net/LOCALE/all.js#xfbml=1"></script> <fb:like href="example.com" …… send="true"></fb:like>
    • Or Standalone
    • <div id="fb-root"></div>
    • <script src="http://connect.facebook.net/LOCALE/all.js#xfbml=1"></script>
    • <fb:send href="example.com"></fb:send>
    • The Send Button
    1. http://developers.facebook.com/blog/post/494/
    • DON’T GET TESTY
    • Test Users
    • Limit per app raised to 500
    • Get email & password in create response
    • Change password via API
    • Re-authentication
    • Get user to re-authenticate just in case
    • Force HTTPS
    • An “F-Commerce” enabler
    • See http://developers.facebook.com/docs/reauthentication/
    • Permissions via Graph API
    • A new connection: permissions
      • https://graph.facebook.com/me/permissions?access_token= TOKEN
    • Previously fetchable via FQL
    • Other API Updates
    • GUNS AND BUTTER
    • Promotions Policy
    • The Land of Do-as-you-please?
    • Blanket promotion type ban lifted
    • Following local legal requirements is now down to the promoters
      • Enough rope to hang ourselves
    • Promotions types allowed
    • Alcohol
    • Gambling
    • Firearms
    • Gasoline.
    • And cheese.
      • My life is complete.
  • Iskandar Najmuddin, Technical Services Director, Syncapse. [email_address], twitter.com/iskandar, +44.207.096.0146. Thank You. Yearning, burning questions? Ask me stuff at the break.