This morning I have received this email from Facebook:
So it looks like we should adapt if we don't want Facebook login to stop working soon...
The Facebook authentication module has been modified to support the OAuth 2.0 mechanism better, relying on the server-side flow, as described in the documentation: http://developers.facebook.com/docs/authentication/#server-side-flow

The previous implementation was using the JavaScript SDK, and indeed when I was testing some issues were found after the oauth parameter had been enabled. Also, from now on the OAuth 2.0 access token is stored in the session, rather than in a cookie - which means better security. For the implementation the following modules were used:

SVN commit: http://svn.osqa.net/changelog/OSQA/?cs=1211

Important! In order to have everything working smoothly after December 13th, consider updating.

@Jordan My Facebook button disappeared from the sign-in page after I updated. I updated to 1211 manually. Just copying and pasting the code from svn. Is there a problem updating this way?
(10 Dec '11, 16:30)
Michael1
I guess you've missed something during the pastes. Better do a complete update.
(11 Dec '11, 09:48)
Jordan ♦♦
1
@Jordan We have updated to trunk and the problem is that now OSQA uses a different ID for Facebook users. This means that all our current Facebook users lose all their configuration, karma, etc. because they are identified as new users. Until today OSQA used the Facebook user id (a long number) as the identifier and now trunk uses a long alphanumeric token as the id. Could you please update trunk to use the Facebook user id again?
(16 Dec '11, 05:43)
Oscar ♦
@Jordan the current situation is even worse than I thought because the access_token that you are currently using as assoc_key changes every time that the user logs in through Facebook. So every time she/he is identified as a completely new user. Could you please use the Facebook id as the assoc_key again?
(16 Dec '11, 06:13)
Oscar ♦
1
Hey @Oscar. I've just reworked the Facebook authentication to use user ID for further association. It was a bit confusing, because other OAuth 2.0 authentication providers use access_token for association, but in any case sorry for the issue and thanks for the catch.
(16 Dec '11, 07:12)
Jordan ♦♦
@Jordan, can you please edit your answer, so that it gives links to all the commits and steps required for the update?
(17 Dec '11, 12:15)
mgiann
Hey @mgiann, to update just follow the standard update procedure for your installation - if you've checked out OSQA from SVN, then just run "svn update", or just overwrite the existing code, and then restart the Apache2 server. Regarding the commits - all of them are available on this page, you can follow if you need them.
(17 Dec '11, 13:28)
Jordan ♦♦
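The association problem raised in the comments above, as an added example that is not part of the original thread or of OSQA's code: it logs the same Facebook user in three times and compares keying the local account on the per-login access token with keying it on the stable user id. The `AssociationStore` class, the helper names and the sample id and tokens are hypothetical and constructed for illustration.

```python
import itertools
import secrets


class AssociationStore:
    """In-memory stand-in for a table mapping (provider, assoc_key) -> local user id."""

    def __init__(self):
        self.assoc = {}
        self._ids = itertools.count(1)

    def login(self, provider, assoc_key):
        """Return the local user for this key, creating one the first time it is seen."""
        key = (provider, assoc_key)
        if key not in self.assoc:
            self.assoc[key] = next(self._ids)
        return self.assoc[key]


def fake_facebook_login(fb_user_id):
    """Constructed provider response: the id is stable, the token is new on every login."""
    return {"id": fb_user_id, "access_token": "tok_" + secrets.token_hex(16)}


def key_by_token(resp):
    return resp["access_token"]   # changes on each login, so a new account each time


def key_by_user_id(resp):
    return resp["id"]             # stable across logins, so one account


def simulate(key_fn, fb_user_id="100000123456789", logins=3):
    """Log one Facebook user in several times; return (distinct local users, store)."""
    store = AssociationStore()
    users = {store.login("facebook", key_fn(fake_facebook_login(fb_user_id)))
             for _ in range(logins)}
    return len(users), store


def token_keyed_rows(store):
    """Audit helper: Facebook user ids are numeric, so a non-numeric key came from a token."""
    return [k for (p, k) in store.assoc if p == "facebook" and not k.isdigit()]


if __name__ == "__main__":
    print("accounts when keyed by access_token:", simulate(key_by_token)[0])
    print("accounts when keyed by user id:     ", simulate(key_by_user_id)[0])
```

Keying on the user id also keeps the access token, which is a bearer credential, out of the association table.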
OSQA uses OAuth 2.0 for Facebook authentication since revision #1044: http://svn.osqa.net/changelog/OSQA?cs=1044

If you're using version >= 1044 everything should be ok with the Facebook login on your site.

I don't think it is using OAuth because in the call to FB.init() I don't see the parameter "oauth: true". More info: https://developers.facebook.com/docs/oauth2-https-migration/
(09 Dec '11, 10:36)
Oscar ♦
I don't think that the oauth parameter would be an issue in this case, because after the migration to OAuth 2.0 it should start defaulting to true I guess, but just in case it doesn't I modified it to true: http://svn.osqa.net/changelog/OSQA/?cs=1210 However I'll do some testing with the Facebook authentication later to check that everything is ok.
(09 Dec '11, 10:58)
Jordan ♦♦