We took a look at some of the Facebook Connect libraries out there for the iPhone, especially ones written in Objective-C, and were shocked at how hands-on you had to get to do something as simple as publish a message.
They tend to be complicated because there are multiple steps involved. The first step is enabling the user to login. This means the user has to authenticate on Facebook’s web site. In Corona, you can open any URL inside a web popup without leaving Corona. So in our facebook.lua library, we automatically bring you to the Facebook login page and then capture the appropriate results to access the Facebook Connect API.
Once you’ve authenticated with Facebook, there are several additional steps that make using the Facebook API unwieldy like keeping track of a session key to create REST-based queries. To make your life easier, the facebook.lua library wraps all those details for you. The actual Facebook sample uses this library to do a lot of fancy things like adding a status message telling you whether you’re connected. Once connected, the sample will publish a new post to your wall adding an image and a hyperlink to that same post.
Web popups are something you should add to your arsenal as you develop more apps with Corona. They let you combine web pages with standard Corona graphics and animation in novel ways, like creating help screens completely in HTML, gaining access to native UI controls like the picker wheel, and even animating Corona objects by making the background of the web popup transparent.
Alex Amato
Correct me if I’m wrong, but you shouldn’t have developers placing their Facebook app secret keys on client side code.
This is a huge computer security issue? If I inspect the memory on my mobile device, running a program that has this information, I could still these keys and do all sorts of nasty stuff. I could write my own app that authenticates users into someone else’s Facebook app, I could access the Facebook API as if I was someone else’s application.
I know that you need the secret key to verify the signature from Facebook, but this shouldn’t be done on the client side. If you don’t create a server to authenticate users, you need to trust the access token and trust that you are speaking to Facebook, without verifying the signatures with your app secret.
Dewey
this post is about the OLD Facebook library which is deprecated….it should mention that on here lest it cause confusion with new users..