October 1, 2011

OAuth 2.0 Migration

As we announced in May, all apps must migrate to OAuth 2.0 for authentication and expect an encrypted access token. The old SDKs, including the old JS SDK and old iOS SDK will no longer work.

Apps on Facebook Authentication and Security Migration (HTTPS)

All Canvas and Page tab apps must convert to process signed_request (fb_sig will be removed) and obtain an SSL certificate for use in "Secure Canvas URL" and "Secure Page Tab URL" (unless you are in Sandbox mode). You must provide an SSL certificate in the Dev App settings to avoid having your app disabled.

auth.promotesession Deprecation

This method is deprecated and will be removed.

manage_pages Permission Required to Access User Accounts (/me/accounts)

We are modifying access to the FQL page_admin table and the graph.facebook.com/me/accounts endpoint. Previously, with basic permissions granted, an app could go to this endpoint or the FQL table to access the list of a user’s apps and Pages. We are going to require that apps have the manage_pages permission in order to obtain access to this information.