huuanh1987 / facebook-java-api

Automatically exported from code.google.com/p/facebook-java-api

Desktop session secret will not always end with double-underscore #211

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
In the ExtensibleClient there is the following logic:
if ( secret.endsWith( "__" ) ) {
  _isDesktop = true;
}

This is not a durable test: it is possible to get a session secret that does NOT end with double-underscore.

To reproduce:
Create a new desktop mode Facebook app
Generate an authentication URL using the app's API key
Authorize that application for a user
Request offline_access extended permission
Run auth_promote and get back the session key and session secret; notice the session secret doesn't end with double-underscore

Example (these have been modified to avoid giving out secret key):
DESKTOP_APIKEY=0ba346696372c2b673ad32ce-11002633
DESKTOP_SECRET=3263335400f70c9f1872e1a314cccf33

Original issue reported on code.google.com by abdinoor on 28 May 2009 at 11:57

GoogleCodeExporter commented 8 years ago

Original comment by david.j....@googlemail.com on 29 May 2009 at 7:17

GoogleCodeExporter commented 8 years ago

Original comment by david.j....@googlemail.com on 31 May 2009 at 7:49

GoogleCodeExporter commented 8 years ago
I've noticed this too..

I think the API users will have to tell us explicitly when they hand us a sessionSecret instead of a normal appSecret. I have added a constructor for this, but haven't publicized the requirement yet...

Original comment by fern...@gmail.com on 21 Nov 2009 at 9:06
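
The following Java sketch is an added example, not code from the thread or from facebook-java-api. It contrasts the suffix test quoted in the report with a caller-declared secret kind and flags where the two disagree. `SecretKindDemo`, `Credentials`, `SecretKind`, `guessFromSuffix` and `heuristicDisagrees` are hypothetical names, and the second sample secret is constructed.

```java
// Added illustration; all class and method names are hypothetical, not the library's API.
public class SecretKindDemo {

    enum SecretKind { APP_SECRET, SESSION_SECRET }

    static final class Credentials {
        final String secret;
        final SecretKind kind;

        // Explicit form: the caller states which kind of secret it is passing.
        Credentials(String secret, SecretKind kind) {
            if (secret == null || secret.isEmpty()) {
                throw new IllegalArgumentException("secret must be non-empty");
            }
            if (kind == null) {
                throw new IllegalArgumentException("kind is required");
            }
            this.secret = secret;
            this.kind = kind;
        }

        boolean isDesktop() { return kind == SecretKind.SESSION_SECRET; }
    }

    // The suffix test quoted in the issue, kept only for comparison.
    static SecretKind guessFromSuffix(String secret) {
        return secret.endsWith("__") ? SecretKind.SESSION_SECRET : SecretKind.APP_SECRET;
    }

    // True when the suffix heuristic would pick a different mode than the caller declared.
    static boolean heuristicDisagrees(Credentials c) {
        return guessFromSuffix(c.secret) != c.kind;
    }

    public static void main(String[] args) {
        // The modified DESKTOP_SECRET value from the report: no "__" suffix.
        Credentials reported =
            new Credentials("3263335400f70c9f1872e1a314cccf33", SecretKind.SESSION_SECRET);
        // Constructed value carrying the suffix the heuristic expects.
        Credentials suffixed =
            new Credentials("0123456789abcdef0123456789abcd__", SecretKind.SESSION_SECRET);

        for (Credentials c : new Credentials[] { reported, suffixed }) {
            // Log the length, never the secret itself.
            System.out.printf("len=%d declared=%s guessed=%s desktop=%b mismatch=%b%n",
                c.secret.length(), c.kind, guessFromSuffix(c.secret),
                c.isDesktop(), heuristicDisagrees(c));
        }
    }
}
```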