Add support for verifying graph API calls with appsecret_proof

criso / fbgraph

NodeJs module to access the facebook graph api

http://criso.github.io/fbgraph/

1.09k stars 176 forks source link

Add support for verifying graph API calls with appsecret_proof #38

Closed devongovett closed 10 years ago

devongovett commented 10 years ago

Facebook recommends adding the appsecret_proof parameter to all API calls to verify that the access tokens are coming from a valid app. I've added a method to setAppSecret to set the app secret used to generate the appsecret_proof parameter for all API requests. If both an app secret and an access token are present, the hash will be generated and sent to Facebook automatically for all API calls.

criso commented 10 years ago

Awesome! This takes care of the "static" version of the access token. We need a convenience function buildAppSecret that returns the an appSecret, so that users can pass in the appSecret through the url.

devongovett commented 10 years ago

Ok, not sure how likely it is that users will have multiple app secrets that they'll want to swap out though.