Facebook SSO For Flash & Mobile AIR Apps


This implementation is taken from TrainLord as it runs on web (flash), android and iOS (AIR) platforms. Facebook’s authentication flows are based on the OAuth 2.0 protocol. Its recommended you have general undesrtanding of OAuth protocol prior reading this article.

If you run services on your own backend (like TrainLord does), the main point of whole thing is to securely pair a facebook id and user session. So later, whenever user does a request to your backend it automatically recoginzes the facebook id. In my case I used id and name to create an unique user record in my database so I can save some more user related data (score, etc.).

Read the rest of this entry »

Quick Tip: Key Hash For Facebook Android Application in AIR


It may be a little tricky to setup “Native Android App” section for your Facebook application. Especially the field “Key Hashes”. Facebook provides instructions for acquiring debug version hash but is not very clear about how to get one for signed application. There is a lot of valid answers around the internet, but the one I needed was still missing. Imagine this simple scenario where you export and sign (using .p12 cert) your AIR Android project, you have an .apk file and want to get a key hash for facebook. Then I finally found the answer:

Read the rest of this entry »

Authorizing Facebook Applications in Android

Hold on, this is going to be fast and smooth! I am playing with an Android Emluator for a few days now. One of the challenges was to mount FacebookOAuthGraph lib into Android. It turned out to be 1 hour task. Thanks to Flash-Core article and sHTiF and StageWebView. Long live AIR for Android! 🙂 Follow the article for codes:

Read the rest of this entry »

Authorizing Facebook Applications in AIR

I was asked to make AIR compatibile version of FacebookOAuthGraph class. It was a nice little challenge for me, where I learn some new things about AIR. E.g. how easy it is to define the JavaScript callback directly from ActionScipt (HTMLLoader.window.methodName)… There are more ways to make authorization process work for you, I have chosen the one with popup window. In order to make FacebookOAuthGraph work for AIR, the short extending is required, instead of creating popup window from JavaScript, popup is created by HTMLLoader.createRootWindow (no ExternalInterface required)…

Read the rest of this entry »

Publish Your AIR Applications To Facebook

Hi folks! Today, while mounting some of my projects into AIR, I realized that it would be great if I could pusblish AIR badges over Facebook. You know what? That is possible! I have created a simple flex application + facebook application that, based on parameters, generates AIR badge for an app. Now its time to share the stuff with you, feel free to publish your AIR badges, and let me know how do you like it.

Read the rest of this entry »

Neverending Facebook API changes

Believe it or not, facebook changed part of its api again. Since today, authorizing for iframe applications does not work the same way it used to. Previously it was enough to redirect:


… where facebook authorized your app and redirects back to the:


… where session was valid access_token.

Read the rest of this entry »

Extending FacebookOAuthGraph Class

While The Facebook Graph API article becomes pretty popular and a lot of developers keep asking me to publish some practices I use, I managed to create this blog post. Here is a list o some functions you may want to extend FacebookOAuthGraph Class with.

Read the rest of this entry »

Authorizing Iframe Facebook Applications For Graph API

This article continues my exploration of best facebook graph api integration into your flash app. Before continue reading, make sure you understand the previous article. Due to huge interest, I am adding codes that makes your flash app working with graph api within facebook iframe. Try this app live on http://apps.facebook.com/blogoauthgraph/, notice once you get there, you are redirected to grant permissions (if not authorized or granted already) and then redirected back to the app, where you are connected and ready to use graph api.

Read the rest of this entry »

Facebook Graph API & OAuth 2.0 & Flash (update)

As previously mentioned, facebook released a new Graph API. It is based on OAuth 2.0 protocol (old authorization token also works). While it is fresh thing, there is no much ActionScript stuff around, so I came with FacebookOAuthGraph class. This class is meant to be used as an abstract class, while it contains just the basic authentication algorithm and call method to request data. It stores access token in SharedObject, so next time you came into app, you get connected on background without noticing (no popup etc.). Your token should expire in 24 hours.

Read the rest of this entry »

Facebook now with OAuth and Open Graph (update)

Few days before while I was working on TwitterLogger Class for ActionScript 3 I discovered OAuth – an open protocol to allow secure API authorization . While reading all the stuff about OAuth and PHP SDKs, I noticed one statement somewhere (can’t find it nowhere) that Facebook was in fact using OAuth for its Facebook Connect tool but some derived version. This has now changed! Facebook is standardizing communication and authorization by introducing Open Graph and OAtuh 2.0.

Read the rest of this entry »