Upgrade Your App to OAuth 2.0 and HTTPS by October 1st



Reminder: Upgrade Your App to OAuth 2.0 and HTTPS by October 1st

Facebook is going to upgrade the Developer API by 1st October 2011. All sites and apps on Facebook will migrate to OAuth 2.0 through this update. This will ensure that users browsing Facebook over HTTPS have a great experience over a secure connection. We can imagine that these changes will make Facebook better and more secure while browsing apps.

Upgrading by 1st October

All websites and canvas apps must support OAuth 2.0.
All Canvas and Page Tab Apps must use the signed_request parameter.
An SSL certificate is required for all Canvas and Page Tab apps.
Users cannot use Sandbox mode or FBML.
Previous versions of our SDKs will stop working.

How to migrate to OAuth 2.0

Implement the OAuth 2.0 authentication system.
Use the latest SDKs – PHP SDK v.3.1.1.
Enable the Encrypted Access Token migration in the Developer App to use the encrypted access token.
For Canvas apps, verify that your app is using the signed_request parameter.
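
An added example, not from the original post or from Facebook's SDK: a minimal server-side check of the signed_request parameter in Python. It relies on the documented format (a base64url HMAC-SHA256 signature, a period, then a base64url JSON payload signed with the app secret); the function names and the sample-building helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(data: str) -> bytes:
    # signed_request drops the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_signed_request(signed_request: str, app_secret: str) -> dict:
    """Return the payload only if its HMAC-SHA256 signature verifies."""
    try:
        encoded_sig, encoded_payload = signed_request.split(".", 1)
        signature = b64url_decode(encoded_sig)
        payload = json.loads(b64url_decode(encoded_payload))
    except ValueError as exc:  # missing '.', bad base64 or bad JSON
        raise ValueError("malformed signed_request") from exc
    # Pin the algorithm instead of trusting whatever the payload names.
    algorithm = payload.get("algorithm") if isinstance(payload, dict) else None
    if str(algorithm).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(app_secret.encode(), encoded_payload.encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many bytes matched.
    if not hmac.compare_digest(signature, expected):
        raise ValueError("signature mismatch")
    return payload


def make_signed_request(payload: dict, app_secret: str) -> str:
    """Constructed-sample helper: sign a payload the same way."""
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return b64url_encode(sig) + "." + body


def is_valid(signed_request: str, app_secret: str) -> bool:
    try:
        parse_signed_request(signed_request, app_secret)
        return True
    except ValueError:
        return False
```

Only read user_id or the access token from the returned payload after parse_signed_request succeeds; a value taken from an unverified signed_request can be forged by anyone who can POST to the canvas URL.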

Reminder: Upgrade Your App to OAuth 2.0 and HTTPS by October 1st. In May we announced that all apps on Facebook need to support OAuth 2.0 and HTTPS to make the platform more secure.

All apps, including page tab apps, must migrate to OAuth 2.0 for authentication. The old SDKs, including the old JavaScript SDK (FeatureLoader.js) and old iOS SDK (facebook-iphone-sdk) will no longer work. In addition, non-iframe Canvas and Page Tab apps must support HTTPS and provide a secure canvas or secure page tab URL.

If you haven’t already made these changes, visit the Developer Roadmap before October 1st for more information about how to upgrade your app and avoid having it disabled.
You can also seek support in the Facebook Developer Group: https://www.facebook.com/groups/fbdevelopers/

Get more help here: FBTerminal or discuss here skype: svnlabs 🙂

SSL vs VPN



Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.[1] TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability.

Plain HTTP Data from Server to Client

Hackers might Attack PLAIN Data

Be aware of untrustworthy Web Sites

Use HTTPS / SSL for secure Web Access

3 Steps to get SSL…
1. Server Name
2. Certificate Authority
3. Public Key

A virtual private network (VPN) is a method of computer networking–typically using the public internet–that allows users to share information privately between remote locations, or between a remote location and a business’ home network. A VPN can provide secure information transport by authenticating users, and encrypting data to prevent unauthorized persons from reading the information transmitted. The VPN can be used to send any kind of network traffic securely.

VPN is network / server between Server & Client

Data Flow difference between HTTPS & VPN

Data Encryption can help you to secure access

‘Security is not a product, but a process.’

Amazon S3 & Facebook Fanpage app



I wanted to link an Amazon S3 HTTPS object like “https://s3.amazonaws.com/bucket/index.html” to a Facebook iframed fan page…
But it returned an error…

405 Method Not Allowed
Code: MethodNotAllowed
Message: The specified method is not allowed against this resource.
ResourceType: OBJECT
Method: POST
RequestId: XXXXXXXXXXXXX
HostId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

OR

PreconditionFailedAt least one of the pre-conditions you specified did not holdBucket POST must be of the enclosure-type multipart/form-data….. 🙁

OR

<Error>
<Code>PreconditionFailed</Code>
<Message>At least one of the pre-conditions you specified did not hold</Message>
<Condition>Bucket POST must be of the enclosure-type multipart/form-data</Condition>
<RequestId>F681CE6EB61CFAA3</RequestId>
<HostId>hMQd22w34G0TpwISr1gQDB/TdUniRjhJ355Scc9RxOWreDDb5XWYwEFzutkhjX72</HostId>
</Error>

After a few searches I got a link… but it was not helpful 🙁
http://www.hyperarts.com/blog/facebook-secure-browsing-https-iframe-tabs-mixed-content-warnings/

Finally, I got a good article on the AWS Forum:
https://forums.aws.amazon.com/thread.jspa?messageID=228930

I came to know that Facebook loads the requested HTTPS S3 URL “https://s3.amazonaws.com/bucket/index.html” by sending a form POST and injecting some content into the iframe, but S3 has POST for file uploading only… so it returned “MethodNotAllowed”

Bucket Policies won’t work in this condition… 🙁

Now, I have a few options to use the S3 HTTPS object “https://s3.amazonaws.com/bucket/index.html” in a Facebook iframed fan page…

1. Run an HTTPS Apache server that can load the S3 HTTPS object with the POST method and supply it to the fan page 🙂
2. Load the S3 HTTPS object using another iframe on any server… see code below

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Facebook Fan Page - Amazon S3</title>
</head>

<body>
<iframe frameborder="0" style="width: 520px; height: 800px;" src="https://s3.amazonaws.com/svwpmu/index.html" scrolling="no"></iframe>
</body>
</html>

You can check the videos released on the blog on 9th May 2011 for more detailed installation…

I have partnered with Shelle Kind of Facebook social marketing and we have released the Amazon S3 / EC2 Solution for Facebook fanpage apps.

Partner: Shelle-K | Custom graphic and web developer

When MIND is weak situation is a PROBLEM, when MIND is balanced situation is CHALLENGE, when MIND is strong situation is an OPPORTUNITY 😉