Closed devongovett closed 10 years ago
Awesome! This takes care of the "static" version of the access token.
We need a convenience function buildAppSecret
that returns the an appSecret, so that users can pass in the
appSecret through the url.
Ok, not sure how likely it is that users will have multiple app secrets that they'll want to swap out though.
Facebook recommends adding the
appsecret_proof
parameter to all API calls to verify that the access tokens are coming from a valid app. I've added a method tosetAppSecret
to set the app secret used to generate theappsecret_proof
parameter for all API requests. If both an app secret and an access token are present, the hash will be generated and sent to Facebook automatically for all API calls.