Few days before while I was working on TwitterLogger Class for ActionScript 3 I discovered OAuth – an open protocol to allow secure API authorization . While reading all the stuff about OAuth and PHP SDKs, I noticed one statement somewhere (can’t find it nowhere) that Facebook was in fact using OAuth for its Facebook Connect tool but some derived version. This has now changed! Facebook is standardizing communication and authorization by introducing Open Graph and OAtuh 2.0.
F8 is a Facebook conference to bring together the developers and entrepreneurs who are building the social Web by moving fast, taking risks, and hacking traditional systems. In April 21, 2010, in F8 conference a few interesting things have been mentioned about the new Facebook API. Facebook CEO Mark Zuckerberg announced that the Facebook Connect brand would be eliminated as part of the launch of Open Graph.
Update (May 5, 2010): I have created Facebook Graph API & OAuth 2.0 & Flash – FacebookOAuthGraph ActionScript 3 class to use with OAuth 2.0 and Graph
The Open Graph API will allow any page on the Web to have all the features of a Facebook Page – users will be able to become a Fan of the page, it will show up on that user’s profile and in search results, and that page will be able to publish stories to the stream of its fans. (Facebook Roadmap Open Graph API)
Open Graph protocol also introduces <meta> tags, that allows you to specify structured information about your web page when used with like button etc.
Here are some url examples of Graph API usage:
http://graph.facebook.com/[USERID] - user’s graph for your app http://graph.facebook.com/[USERID]/friends - access to user’s friends http://graph.facebook.com/[USERID]/likes - access user’s likes
By default these requests return JSON objects, but I guess there is a parameter to be passed to get xml instead (my guess).
Cool thing about this is there is a benevolent crossdomain file on http://graph.facebook.com/crossdomain.xml:
<cross-domain-policy> <allow-access-from domain="*"/> <site-control permitted-cross-domain-policies="master-only"/> </cross-domain-policy>
Some of those returns “OAuthAccessTokenException” thats where new OAuth comes in scene.
Second thing noticed was that the company is standardizing the authorization via the OAuth 2.0 standard. The important thing here is, OAuth is already available for all existing Facebook APIs, and there are multiple methods to get authenticated with OAuth in Facebook. Check out the PHP example code example code for authentication on GitHub. Difference to previous connect is that sessions may last longer than 24 hours.
Lets hope there will be new version of Facebook ActionScript API released soon enough with all these new features…
Where to go from here: