Re: [Flashcoders] Converting a flash game to facebook app
+1 !:) sorry for the late reply, thanks for your elaborate explanation! On 1-6-2012 23:36, Karl DeSaulniers wrote: That was awesome Ben! Thanks, Best, Karl On May 31, 2012, at 11:25 PM, Ben Sand wrote: The way an app should work (and bear in mind this could be different for hosted games): Tracking of an individual user should all be handled as per normal with your server, using cookies. You should be able to find a user account plugin for whatever framework you're working with to manage this for you. Ideally find one that integrates with facebook to make your life easier. The client shouldn't communicate with Facebook directly, except to get publicly available data, such as a small profile pic of any user. Background: * You as a developer create an App on Facebook, specifying the permission the app should have, eg. see friend lists, create events, read messages, post on wall etc. (for some reason you also specify this when you connect to the facebook servers, not sure why...). Facebook then issues you with an API key/secret for your app. You can recreate this if it becomes compromised in some way. * Your server holds the facebook API key. 1. Client talks to your server and asks to login/authenticate. 2. Your server redirects client to Facebook, with a login request for your app and a list of permissions (again, not sure why this needs to be repeated, possibly because you're allowed to request a subset of permissions). 3. Facebook presents the app name and a list of desired permissions and asks the user to agree. The screen used to do this changes all the time, which is quite annoying, they don't seem to have worked out an ideal presentation for it yet. 4. If the user accepts, your app gets notified (probably by the user, although it might be by facebook) and the user is redirected to your site. At any rate. you now have a user token that can be used to connect to facebook to enquire about the user. 5. At any point in time, using a combination of your API key and the user token your server can access the permissions the user granted you, by contacting facebook directly. If you release the API key, at the very least, someone can masquerade as your app. They may be able to access data for users they don't have a token for, not sure about that. And one more fun thing we found out the other day - if a user changes their password, the token will change, and your app needs to have some mechanism for updating it, or the user will likely hit a 500 error. On 1 June 2012 04:13, Hans Wichman hans.wich...@gmail.com wrote: Hi Henrik, not to hijack Paul's thread, but do you have some more info on this subject. Eg the client would need some way to uniquely id itself to the server, lest the server give out this data to anyone which is kind of the same as making your api key public?. The client could be decompiled etc etc, referrers can be faked.. is there some kind of standard setup that you know of that prevents this? My guess it would benefit Paul as well as the rest of us (me;)). regards, Hans On 31-5-2012 18:00, Henrik Andersson wrote: The idea is obviously to let your server be the one who asks the Facebook servers for the data, meaning that the only possible attack points are the server itself and the connection. If your server is compromised then you have fail security. If the connection is compromised then SSL failed. SSL is much less likely to fail. Point is, the client never sees the key. Hans Wichman skriver: Hi Ben, if you put the keys on your server, can't they be sniffed anyway or am i missing something? tnx H __**_ Flashcoders mailing list Flashcoders@chattyfig.figleaf.**com Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/**mailman/listinfo/flashcodershttp://chattyfig.figleaf.com/mailman/listinfo/flashcoders __**_ Flashcoders mailing list Flashcoders@chattyfig.figleaf.**com Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/**mailman/listinfo/flashcodershttp://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Karl DeSaulniers Design Drumm http://designdrumm.com ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
That was awesome Ben! Thanks, Best, Karl On May 31, 2012, at 11:25 PM, Ben Sand wrote: The way an app should work (and bear in mind this could be different for hosted games): Tracking of an individual user should all be handled as per normal with your server, using cookies. You should be able to find a user account plugin for whatever framework you're working with to manage this for you. Ideally find one that integrates with facebook to make your life easier. The client shouldn't communicate with Facebook directly, except to get publicly available data, such as a small profile pic of any user. Background: * You as a developer create an App on Facebook, specifying the permission the app should have, eg. see friend lists, create events, read messages, post on wall etc. (for some reason you also specify this when you connect to the facebook servers, not sure why...). Facebook then issues you with an API key/ secret for your app. You can recreate this if it becomes compromised in some way. * Your server holds the facebook API key. 1. Client talks to your server and asks to login/authenticate. 2. Your server redirects client to Facebook, with a login request for your app and a list of permissions (again, not sure why this needs to be repeated, possibly because you're allowed to request a subset of permissions). 3. Facebook presents the app name and a list of desired permissions and asks the user to agree. The screen used to do this changes all the time, which is quite annoying, they don't seem to have worked out an ideal presentation for it yet. 4. If the user accepts, your app gets notified (probably by the user, although it might be by facebook) and the user is redirected to your site. At any rate. you now have a user token that can be used to connect to facebook to enquire about the user. 5. At any point in time, using a combination of your API key and the user token your server can access the permissions the user granted you, by contacting facebook directly. If you release the API key, at the very least, someone can masquerade as your app. They may be able to access data for users they don't have a token for, not sure about that. And one more fun thing we found out the other day - if a user changes their password, the token will change, and your app needs to have some mechanism for updating it, or the user will likely hit a 500 error. On 1 June 2012 04:13, Hans Wichman hans.wich...@gmail.com wrote: Hi Henrik, not to hijack Paul's thread, but do you have some more info on this subject. Eg the client would need some way to uniquely id itself to the server, lest the server give out this data to anyone which is kind of the same as making your api key public?. The client could be decompiled etc etc, referrers can be faked.. is there some kind of standard setup that you know of that prevents this? My guess it would benefit Paul as well as the rest of us (me;)). regards, Hans On 31-5-2012 18:00, Henrik Andersson wrote: The idea is obviously to let your server be the one who asks the Facebook servers for the data, meaning that the only possible attack points are the server itself and the connection. If your server is compromised then you have fail security. If the connection is compromised then SSL failed. SSL is much less likely to fail. Point is, the client never sees the key. Hans Wichman skriver: Hi Ben, if you put the keys on your server, can't they be sniffed anyway or am i missing something? tnx H __**_ Flashcoders mailing list Flashcoders@chattyfig.figleaf.**com Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/**mailman/listinfo/flashcodershttp://chattyfig.figleaf.com/mailman/listinfo/flashcoders __**_ Flashcoders mailing list Flashcoders@chattyfig.figleaf.**com Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/**mailman/listinfo/flashcodershttp://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Karl DeSaulniers Design Drumm http://designdrumm.com ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Converting a flash game to facebook app
Thanks for all the helpful replies. I spent a good few hours last night trying to follow some tutorials on the web without much success. I thought I would start with the real basics and just try and add a hello world iFrame web page that literally just displayed the words hello world. From what I read it appeared I needed to use a SSL host to host the index.html page so I signed up for Amazon Web Services. Unfortunately this did not work as apparently the way Facebook accessed the page involves sending data via post and this resulted in an error when using Amazon Web Services hosted file. Very surprised it is not more straightforward and also how bad the documentation is considering how huge Facebook is. Possibly I am trying to run before I am not really too familiar with how Facebook works. In all honesty, I am not even sure where a game would appear on a facebook page even if I did manage to figure it out:) P -Original Message- From: flashcoders-boun...@chattyfig.figleaf.com [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Mattheis, Erik (MIN-WSW) Sent: 30 May 2012 20:45 To: Flash Coders List Subject: Re: [Flashcoders] Converting a flash game to facebook app If by dinosaur you mean you haven't done Facebook since the REST API was retired, transitioning to Graph isn't a big deal if you're not rolling your own but using one of the SDKs - https://developers.facebook.com/docs/sdks/ or the AS3 SDK Sydney pointed to. If you mean you're completely new to Facebook development it can be a huge pain, but you'll save at least a few days if you go into it ignoring all documentation Facebook provides other than the reference: https://developers.facebook.com/docs/reference/api/ Google will find blog posts by people who give step by step instructions for registering your account as a developer, setting up an app, setting up a SDK and giving you source code of a functioning app to look at. On 5/30/12 1:43 PM, Hans Wichman hans.wich...@gmail.com wrote: Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _ _ _ Erik Mattheis | Weber Shandwick P: (952) 346.6610 M: (612) 377.2272 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
Hi Paul, Did you see the tutorial series by Adobe @ http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html. Also, to begin with, you can avoid SSL usage since its not mandatory to use secure url currently. I dont remember the exact roll out date but there is still some time until SSL is absolutely necessary. Once you integrate your application successfully within facebook, you can then migrate to secure connection. Hope it helps. Thanks, Rohit On Thu, May 31, 2012 at 2:42 PM, Paul Steven paul_ste...@btinternet.comwrote: Thanks for all the helpful replies. I spent a good few hours last night trying to follow some tutorials on the web without much success. I thought I would start with the real basics and just try and add a hello world iFrame web page that literally just displayed the words hello world. From what I read it appeared I needed to use a SSL host to host the index.html page so I signed up for Amazon Web Services. Unfortunately this did not work as apparently the way Facebook accessed the page involves sending data via post and this resulted in an error when using Amazon Web Services hosted file. Very surprised it is not more straightforward and also how bad the documentation is considering how huge Facebook is. Possibly I am trying to run before I am not really too familiar with how Facebook works. In all honesty, I am not even sure where a game would appear on a facebook page even if I did manage to figure it out:) P -Original Message- From: flashcoders-boun...@chattyfig.figleaf.com [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Mattheis, Erik (MIN-WSW) Sent: 30 May 2012 20:45 To: Flash Coders List Subject: Re: [Flashcoders] Converting a flash game to facebook app If by dinosaur you mean you haven't done Facebook since the REST API was retired, transitioning to Graph isn't a big deal if you're not rolling your own but using one of the SDKs - https://developers.facebook.com/docs/sdks/ or the AS3 SDK Sydney pointed to. If you mean you're completely new to Facebook development it can be a huge pain, but you'll save at least a few days if you go into it ignoring all documentation Facebook provides other than the reference: https://developers.facebook.com/docs/reference/api/ Google will find blog posts by people who give step by step instructions for registering your account as a developer, setting up an app, setting up a SDK and giving you source code of a functioning app to look at. On 5/30/12 1:43 PM, Hans Wichman hans.wich...@gmail.com wrote: Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _ _ _ Erik Mattheis | Weber Shandwick P: (952) 346.6610 M: (612) 377.2272 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Converting a flash game to facebook app
Thanks Rohit I will look at the tutorials again tonight and give it a go avoiding SSL. Many thanks Paul -Original Message- From: flashcoders-boun...@chattyfig.figleaf.com [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Rohit Sharma Sent: 31 May 2012 10:40 To: Flash Coders List Subject: Re: [Flashcoders] Converting a flash game to facebook app Hi Paul, Did you see the tutorial series by Adobe @ http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html. Also, to begin with, you can avoid SSL usage since its not mandatory to use secure url currently. I dont remember the exact roll out date but there is still some time until SSL is absolutely necessary. Once you integrate your application successfully within facebook, you can then migrate to secure connection. Hope it helps. Thanks, Rohit On Thu, May 31, 2012 at 2:42 PM, Paul Steven paul_ste...@btinternet.comwrote: Thanks for all the helpful replies. I spent a good few hours last night trying to follow some tutorials on the web without much success. I thought I would start with the real basics and just try and add a hello world iFrame web page that literally just displayed the words hello world. From what I read it appeared I needed to use a SSL host to host the index.html page so I signed up for Amazon Web Services. Unfortunately this did not work as apparently the way Facebook accessed the page involves sending data via post and this resulted in an error when using Amazon Web Services hosted file. Very surprised it is not more straightforward and also how bad the documentation is considering how huge Facebook is. Possibly I am trying to run before I am not really too familiar with how Facebook works. In all honesty, I am not even sure where a game would appear on a facebook page even if I did manage to figure it out:) P -Original Message- From: flashcoders-boun...@chattyfig.figleaf.com [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Mattheis, Erik (MIN-WSW) Sent: 30 May 2012 20:45 To: Flash Coders List Subject: Re: [Flashcoders] Converting a flash game to facebook app If by dinosaur you mean you haven't done Facebook since the REST API was retired, transitioning to Graph isn't a big deal if you're not rolling your own but using one of the SDKs - https://developers.facebook.com/docs/sdks/ or the AS3 SDK Sydney pointed to. If you mean you're completely new to Facebook development it can be a huge pain, but you'll save at least a few days if you go into it ignoring all documentation Facebook provides other than the reference: https://developers.facebook.com/docs/reference/api/ Google will find blog posts by people who give step by step instructions for registering your account as a developer, setting up an app, setting up a SDK and giving you source code of a functioning app to look at. On 5/30/12 1:43 PM, Hans Wichman hans.wich...@gmail.com wrote: Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _ _ _ Erik Mattheis | Weber Shandwick P: (952) 346.6610 M: (612) 377.2272 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
It's fairly straight forward to add facebook functionality to a website/app, there's lots of apis floating around, or you can just talk to fb directly. Be aware their API does change over time. I'm not sure how good they are at maintaining backwards compatibility. My experience is in external flash app development with facebook authentication and access to fb data such as friends and groups via ruby on rails. I haven't done a game on facebook itself. Be careful with the API keys, for a standard app (ie. just using facebook for authentication and access to fb data, not hosted on fb itself) the keys should only be on your server and never put inside the app - since if users pull them out they can grab personal data of every other user for your app. I've seen cases of people being a bit lax with this and it's fine if it's just your team running the app for testing, but you must not do this for a public app. On 31 May 2012 02:17, Paul Steven paul_ste...@btinternet.com wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
Hi Ben, if you put the keys on your server, can't they be sniffed anyway or am i missing something? tnx H On 31-5-2012 17:33, Ben Sand wrote: It's fairly straight forward to add facebook functionality to a website/app, there's lots of apis floating around, or you can just talk to fb directly. Be aware their API does change over time. I'm not sure how good they are at maintaining backwards compatibility. My experience is in external flash app development with facebook authentication and access to fb data such as friends and groups via ruby on rails. I haven't done a game on facebook itself. Be careful with the API keys, for a standard app (ie. just using facebook for authentication and access to fb data, not hosted on fb itself) the keys should only be on your server and never put inside the app - since if users pull them out they can grab personal data of every other user for your app. I've seen cases of people being a bit lax with this and it's fine if it's just your team running the app for testing, but you must not do this for a public app. On 31 May 2012 02:17, Paul Stevenpaul_ste...@btinternet.com wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
The idea is obviously to let your server be the one who asks the Facebook servers for the data, meaning that the only possible attack points are the server itself and the connection. If your server is compromised then you have fail security. If the connection is compromised then SSL failed. SSL is much less likely to fail. Point is, the client never sees the key. Hans Wichman skriver: Hi Ben, if you put the keys on your server, can't they be sniffed anyway or am i missing something? tnx H ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
Hi Henrik, not to hijack Paul's thread, but do you have some more info on this subject. Eg the client would need some way to uniquely id itself to the server, lest the server give out this data to anyone which is kind of the same as making your api key public?. The client could be decompiled etc etc, referrers can be faked.. is there some kind of standard setup that you know of that prevents this? My guess it would benefit Paul as well as the rest of us (me;)). regards, Hans On 31-5-2012 18:00, Henrik Andersson wrote: The idea is obviously to let your server be the one who asks the Facebook servers for the data, meaning that the only possible attack points are the server itself and the connection. If your server is compromised then you have fail security. If the connection is compromised then SSL failed. SSL is much less likely to fail. Point is, the client never sees the key. Hans Wichman skriver: Hi Ben, if you put the keys on your server, can't they be sniffed anyway or am i missing something? tnx H ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
The way an app should work (and bear in mind this could be different for hosted games): Tracking of an individual user should all be handled as per normal with your server, using cookies. You should be able to find a user account plugin for whatever framework you're working with to manage this for you. Ideally find one that integrates with facebook to make your life easier. The client shouldn't communicate with Facebook directly, except to get publicly available data, such as a small profile pic of any user. Background: * You as a developer create an App on Facebook, specifying the permission the app should have, eg. see friend lists, create events, read messages, post on wall etc. (for some reason you also specify this when you connect to the facebook servers, not sure why...). Facebook then issues you with an API key/secret for your app. You can recreate this if it becomes compromised in some way. * Your server holds the facebook API key. 1. Client talks to your server and asks to login/authenticate. 2. Your server redirects client to Facebook, with a login request for your app and a list of permissions (again, not sure why this needs to be repeated, possibly because you're allowed to request a subset of permissions). 3. Facebook presents the app name and a list of desired permissions and asks the user to agree. The screen used to do this changes all the time, which is quite annoying, they don't seem to have worked out an ideal presentation for it yet. 4. If the user accepts, your app gets notified (probably by the user, although it might be by facebook) and the user is redirected to your site. At any rate. you now have a user token that can be used to connect to facebook to enquire about the user. 5. At any point in time, using a combination of your API key and the user token your server can access the permissions the user granted you, by contacting facebook directly. If you release the API key, at the very least, someone can masquerade as your app. They may be able to access data for users they don't have a token for, not sure about that. And one more fun thing we found out the other day - if a user changes their password, the token will change, and your app needs to have some mechanism for updating it, or the user will likely hit a 500 error. On 1 June 2012 04:13, Hans Wichman hans.wich...@gmail.com wrote: Hi Henrik, not to hijack Paul's thread, but do you have some more info on this subject. Eg the client would need some way to uniquely id itself to the server, lest the server give out this data to anyone which is kind of the same as making your api key public?. The client could be decompiled etc etc, referrers can be faked.. is there some kind of standard setup that you know of that prevents this? My guess it would benefit Paul as well as the rest of us (me;)). regards, Hans On 31-5-2012 18:00, Henrik Andersson wrote: The idea is obviously to let your server be the one who asks the Facebook servers for the data, meaning that the only possible attack points are the server itself and the connection. If your server is compromised then you have fail security. If the connection is compromised then SSL failed. SSL is much less likely to fail. Point is, the client never sees the key. Hans Wichman skriver: Hi Ben, if you put the keys on your server, can't they be sniffed anyway or am i missing something? tnx H __**_ Flashcoders mailing list Flashcoders@chattyfig.figleaf.**com Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/**mailman/listinfo/flashcodershttp://chattyfig.figleaf.com/mailman/listinfo/flashcoders __**_ Flashcoders mailing list Flashcoders@chattyfig.figleaf.**com Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/**mailman/listinfo/flashcodershttp://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
Hi Paul, The process is't that complex, the api's are pretty strait forward. You can check out: http://code.google.com/p/facebook-actionscript-api/ From here you also have some links to the dev center from adobe, they dedicated an whole section to Facebook. The docs and tuts will get you up to speed in no time. Last week i implemented Facebook oAuth in a mobile AIR app with this API and it cost me about 3 hours to go from start to finish. (Up until last week i was also a dinosaur in the Facebook arena ;-) ) Hope this helps you :) Sidney -- Sidney de Koning - Be a geek, rockstar style! Read my blog: http://www.funky-monkey.nl (http://www.funky-monkey.nl/blog/) On Wednesday 30 May 2012 Week 22 at 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com (mailto:Flashcoders@chattyfig.figleaf.com) http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
If by dinosaur you mean you haven't done Facebook since the REST API was retired, transitioning to Graph isn't a big deal if you're not rolling your own but using one of the SDKs - https://developers.facebook.com/docs/sdks/ or the AS3 SDK Sydney pointed to. If you mean you're completely new to Facebook development it can be a huge pain, but you'll save at least a few days if you go into it ignoring all documentation Facebook provides other than the reference: https://developers.facebook.com/docs/reference/api/ Google will find blog posts by people who give step by step instructions for registering your account as a developer, setting up an app, setting up a SDK and giving you source code of a functioning app to look at. On 5/30/12 1:43 PM, Hans Wichman hans.wich...@gmail.com wrote: Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _ _ _ Erik Mattheis | Weber Shandwick P: (952) 346.6610 M: (612) 377.2272 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
hey, the graph api isn't such a hard thing to get your head around, it would be absolutely fantastic if it only worked how it was documented ;) the new(ish) as3 api that has been linked on here is a lot easier to use than the OAuth ports that were around before. this is really handy http://developers.facebook.com/tools/explorer?method=GETpath=591961122 as is setting up test users etc (details in the tools bit). now, as i hinted at before the graph api doesn't always behave how you would expect, but it's quirks are quirks for everyone, not just as3 devs. that said, stackoverflow has some great information on where the graph api goes offroad, it could be that the answers are php or js related but the graph api is always the same so you can work it out from there. hth, tom. On 30 May 2012 21:44, Mattheis, Erik (MIN-WSW) ematth...@webershandwick.com wrote: If by dinosaur you mean you haven't done Facebook since the REST API was retired, transitioning to Graph isn't a big deal if you're not rolling your own but using one of the SDKs - https://developers.facebook.com/docs/sdks/or the AS3 SDK Sydney pointed to. If you mean you're completely new to Facebook development it can be a huge pain, but you'll save at least a few days if you go into it ignoring all documentation Facebook provides other than the reference: https://developers.facebook.com/docs/reference/api/ Google will find blog posts by people who give step by step instructions for registering your account as a developer, setting up an app, setting up a SDK and giving you source code of a functioning app to look at. On 5/30/12 1:43 PM, Hans Wichman hans.wich...@gmail.com wrote: Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _ _ _ Erik Mattheis | Weber Shandwick P: (952) 346.6610 M: (612) 377.2272 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Converting a flash game to facebook app
Hi, What Sidney pointed out is right. The facebook-adobe-actionscript-api coupled with Adobe dev tutorials is a good way to initiate the task. Later on, once you get the hang of it, you can start looking at the Javascript SDK and how the AS3 sdk wraps all its functionality. -Rohit On Thu, May 31, 2012 at 2:53 AM, tom rhodes tom.rho...@gmail.com wrote: hey, the graph api isn't such a hard thing to get your head around, it would be absolutely fantastic if it only worked how it was documented ;) the new(ish) as3 api that has been linked on here is a lot easier to use than the OAuth ports that were around before. this is really handy http://developers.facebook.com/tools/explorer?method=GETpath=591961122 as is setting up test users etc (details in the tools bit). now, as i hinted at before the graph api doesn't always behave how you would expect, but it's quirks are quirks for everyone, not just as3 devs. that said, stackoverflow has some great information on where the graph api goes offroad, it could be that the answers are php or js related but the graph api is always the same so you can work it out from there. hth, tom. On 30 May 2012 21:44, Mattheis, Erik (MIN-WSW) ematth...@webershandwick.com wrote: If by dinosaur you mean you haven't done Facebook since the REST API was retired, transitioning to Graph isn't a big deal if you're not rolling your own but using one of the SDKs - https://developers.facebook.com/docs/sdks/or the AS3 SDK Sydney pointed to. If you mean you're completely new to Facebook development it can be a huge pain, but you'll save at least a few days if you go into it ignoring all documentation Facebook provides other than the reference: https://developers.facebook.com/docs/reference/api/ Google will find blog posts by people who give step by step instructions for registering your account as a developer, setting up an app, setting up a SDK and giving you source code of a functioning app to look at. On 5/30/12 1:43 PM, Hans Wichman hans.wich...@gmail.com wrote: Hi Paul, I faced the same problem a while ago and found the whole facebook mumbojumbo pretty hard to wrap my head around, opengraphs, graph api etc. The project was cancelled so I was off the hook, but I spent about a week reading facebook's docs none the wiser, so I don't exactly share Sidney's experience. I didn't have a specific goal they wanted me to complete so that made it harder as well, but still. I did find some very good books specifically on flash games on facebook at amazon. regards H On 30-5-2012 18:17, Paul Steven wrote: I am a bit of a dinosaur when it comes to facebook and have been asked to turn a flash game into a facebook app. Before I make a decision on whether I can take on this job I wanted a quick heads up on how complex a process is to do this? Thanks in advance. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _ _ _ Erik Mattheis | Weber Shandwick P: (952) 346.6610 M: (612) 377.2272 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders