Search Results

Search found 5699 results on 228 pages for 'facebook canvas'.

Page 57/228 | < Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >

  • call FB.login() after FB.init() automatically

    - by Tobi Projectx
    i`m developing an app for Facebook. My Code: function init() { window.fbAsyncInit = function() { var appID = 'xxxxxxxxxxxxxxxxxxxxxxxxxx'; FB.init({ appId: appID, status: true, cookie: true, xfbml: true}); login(); }; (function() { var e = document.createElement("script"); e.async = true; e.src = "https://connect.facebook.net/en_US/all.js?xfbml=1"; document.getElementById("fb-root").appendChild(e); }()); }; function login() { FB.login(function(response) { if (response.session) { if (response.perms) { // user is logged in and granted some permissions. // perms is a comma separated list of granted permissions } else { // user is logged in, but did not grant any permissions } } else { // user is not logged in } }, {perms:'read_stream,publish_stream,offline_access'}); }; I want to call the "init" function and after "init" should call the "login" function (open up the Facebook Login Window) automatically. But i always get "b is null" FB.provide('',{ui:function(f,b){if(!f....onent(FB.UIServer._resultToken));}}); Error in Firebug. Can anybody help me? Does anybody have the same problem? Thanks

    Read the article

  • facebook app using fbml displays nothing

    - by fusion
    i've made an app in php and html and trying to integrate it with fb. the app on my website is using jquery, but knowing that fbml doesn't support jquery, i've tried to instead use fbjqry. this doesn't work either. i'm not sure where i'm going wrong. /////////////// index.php: <?php // Copyright 2007 Facebook Corp. All Rights Reserved. require_once 'config_fb.php'; //***** Greet the currently logged-in user! echo "<p>Hello, <fb:name uid=\"$user_id\" useyou=\"false\" />!</p>"; include 'quote.html'; ?> ///////////////// quote.html: <!DOCTYPE html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel="stylesheet" type="text/css" href="css/jquote.css" /> <!--<script type="text/javascript" src="scripts/jquery-1.4.2.js"></script>--> <script type="text/javascript" src="fbjqry/utility.js"></script> <script type="text/javascript" src="fbjqry/fjqry.js"></script> <script type="text/javascript"> // On page load, fill the box with content. $(document).ready(function() { $("#quoteContainer").load("quote.php"); }); var auto_refresh = setInterval( function () { $('#quoteContainer').load('quote.php'); }, 5000); // refresh every 10000 milliseconds </script> </head> <div id="wrapper"> <div class="header">&nbsp;Quote of the Day</div> <div id="quoteContainer"> </div> </div> </html> //// from the above file it should take quotes from quote.php and display it, but it doesn't display anything. it seems as though it isn't reading from the quote.php file. is the command of fbjqry different from jquery? if i use iframes instead of fbml, everything loads correctly except that i'd like tab/profile box for this app, which iframes doesn't have.

    Read the article

  • URL routing similar to Facebook (related to AJAX and the URL)

    - by Guilherme Cardoso
    In this article i'm gonna show you how i do when i have to update some content with AJAX and i have to change the URL. First, let's see an example to understand it better. If the user is reading a News with Id 1 and he clicked on another News with Id 2, if we update the content with AJAX the user is now reading the News Id 2 but the URL remains the same, for example: http://localhost/News/Read/1 Now let's see another example from Facebook. If i'm reading my profile and i click on Photos, Facebook updates it with AJAX and the URL switch to: http://www.facebook.com/guilhermegeek#!/guilhermegeek?sk=photos If we enter on that URL, it's mapped to: http://www.facebook.com/guilhermegeek?sk=photos The trick here is the parameters that we use after the #!. Those parameters are never sent to the server side, so we handle them on the client side (javascript).In the example of Facebook, he receives my profile name (guilhermegeek) and the action is to read photos. A few time ago i've written an article in my Portuguese blog explaining how to use an alternative to clients with javascript disabled. Like this: <a onclick="javascript:ReadNews(id);" href="#!News/Read/@id/">Title</a> When the user enter the link of that news, my function Read(); fills the News in the page. Then, i add the #!News/Read/@id/ to my URL. It's gonna stay something like this: http://localhost/News/Read/1#!News/Read/2 As i explained before, the News that the user is reading has the Id 2.The next step is to use javascript to check if the URL that the user typed has other News Id, because if we enter on the above URL our controller will get the Id 1 (everything after to the # isn't sent to the server side). $(document).ready(function () {             var h = window.location.hash;             if (h != null) {                 var parts = window.location.href.split('#!');                 if (parts.length > 1) {                     window.location.replace("http://localhost/" + parts[1]);                 }             }    }); It's pretty simple. I'm cutting everything after the #!, then i redirect the user to a new page. So, it's gonna stay:http://localhost/News/Read/2

    Read the article

  • Watch 53rd Grammy Awards 2011 Live Stream & Follow The Event On Facebook & Twitter

    - by Gopinath
    Grammy Awards is the biggest music awards ceremony that honours music genres. The 53rd Grammy Awards function will be held on February 13, 2011 at Staples Center in Los Angeles. The star studded musical event will be telecasted live on CBS TV between 8pm ET until 11:30pm ET. Behind The Scenes Live Stream On YouTube and Grammy.com Grammy, YouTube and TurboTax has teamed up to provide live stream of behind the scene coverage of key events starting at 5pm Feb 11th and runs through February 13th. Note that this stream will not broadcast the 3 hour long award presentation. Kind of bad, except the award presentation rest of the ceremony is streamed here.  The video stream is embedded below Catch live behind-the-scenes coverage of key events during GRAMMY week. Before the show, you can watch the Nominees Reception, Clive Davis Pre-GRAMMY Gala, the red carpet and the pre-telecast ceremony. During the show, go backstage to see the winners after they accept their award! You can catch the same stream on Grammys’s YouTube channel as well as on Grammy.com website Follow Grammy Awards On Facebook & Twitter The Grammy Awards has an official Facebook and Twitter account and you can follow them for all the latest information The Grammy’s Facebook Page The Grammy’s Twitter Page Grammy Live Streaming on UStream & Justin.tv Even though there is no official source that stream live of The Grammy Awards presentation ceremony, there will be plenty of unofficial sources on UStream and Justin.tv. So search UStream and Justin.tv for live streaming of The Grammy’s. TV Channels Telecasting The Grammy Awards 2011 Here is the list of TV channels in various countries offering live telecast of The Grammy Awards 2011. We keep updating this section as and when we get more information USA – CBS Television Network  – February 13, 2011 India – VH1 TV – February 14  2011 , 6:30 AM United Kingdom – ITV2  – 16 February 2011, 10:00PM – 12:00AM This article titled,Watch 53rd Grammy Awards 2011 Live Stream & Follow The Event On Facebook & Twitter, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • jquery remove issue in IE, canvas tag

    - by itsoft3g
    hi, I am creating a line in canvas tag using jquery drawing library. After the line drawn the <div id="cool"><canvas id="canid"></canvas></div> Then on click the below code executed. $('#canid').remove(); What happens in IE after removing, dom with canvas end tag and also line is not removed. Please help me out!.

    Read the article

  • How to set up RPX widget and facebook app to be able to authenticate with rpx_now?

    - by Andrei
    Using the sample app for rpx_now gem ( http://github.com/grosser/rpx_now_example) on localhost:3000, I have successfully logged in via Google Accounts, myOpenID, Yahoo, but cannot make it via Facebook. In the RPX app/widget settings I have set my facebook-app key and secret. In my facebook app settings, the Connect URL is myappname.rpxnow.com. But when I try to connect, then I don't even see a facebook login page, just a number of redirects and I am back to my localhost with the following exception http://gist.github.com/386520 . Before I was successfully connecting with oauth2 gem, however, without fetching user data - only authentication. That time I set only key/secret and localhost as my Connect URL. Currently, I don't even ask for email etc., but still the same problem. Can it happen because rpx_now cannot get requested user data from facebook? Or it is a problem of facebook key/secret? May be I need to provide more settings of my facebook app? RPXNow::ApiError in UsersController#create Got error: Invalid parameter: token (code: 1), HTTP status: 200 RAILS_ROOT: /home/Andrei/rpx_now_example Application Trace | Framework Trace | Full Trace /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now/api.rb:71:in `parse_response' /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now/api.rb:21:in `call' /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now.rb:23:in `user_data' /home/Andrei/rpx_now_example/app/controllers/users_controller.rb:16:in `create' Request Parameters: None Show session dump Response Headers: {"Content-Type"="", "Cache-Control"="no-cache"}

    Read the article

  • Cladogram, tree of life, cladistics, taxonomy in JS or canvas?

    - by boblet
    Good people - I need some help to find a way to create an interactive cladogram or phylogenetic tree (yes, I have read all related posts, and do not find what I am looking for). The thing is, I need the nodes to be name-able. An example would be something like this Most scripts I find are either applets, flash, or simply do not show the node classification, ie it would skip "feliformia" in this example. This is useless to me, as I would then end up with carnivore - anonymous node - anonymous node - anonymous node - tiger, and that is not good. This tree will in theory cover all life, so it could get rather large, and get links and names in english and latin from database. So: no flash, no applets. It must be horizontal, no supertrees (circular). I have gone through this http://bioinfo.unice.fr/biodiv/Tree_editors.html but most of them seems to be either old, not displaying sub-node levels, applets, or way too complex. I imagine this would be a delightful job for canvas/jQuery..? And chances are, someone got there before me? Any pointers much appreciated. Note: if anyone out there would like to do something like this as a project, I will be happy to help, even though it would not benefit me for this project.This type of taxonomy is not as simple as it may seem, and I would be happy see this happen.

    Read the article

  • How to implement Facebook leaderboard game for mobile?

    - by TrueGrime
    I am in the final stages of developing an indie C# mobile game that I will deploy to iPhones and Androids using Mono. I wish to add push notifications and a Facebook leader board feature into the game, such that the user will be presented with a list of all his/her friends that are playing the game and their weekly scores in the main screen. I have ZERO experience with web development/networking/databases. I recently started researching the field and formed a basic understanding. Facebook has SDKs in PHP, JavaScript, obj-c and java, tho reading the documentation examples still feels cryptic to me since it involves web/server tech. After researching some more, I understood that my options for server side are basically PHP or ASP.Net. It seems that ASP.Net is more favorable in my case since I am already proficient with C# (but there is no ASP.net SDK from Facebook... I am not sure if this implies that I cant interact with Facebook using ASP.Net). On the down side some have mentioned higher costs for ASP.Net, tho I havent looked further into that aspect yet. I also understood that JavaScript is client side technology. I started going through tutorials of ASP.Net, I was thinking that ASP.Net is a purely server side management language, but it started feeling more like WPF as those tutorials started getting into very lengthy discussions about creating website interfaces and styles. I am not interested in that, I just want to have a web server which my app can somehow communicate with and get friends/scores. Am I learning the right technologies for my goal? should I be learning something else? I am posting this in hopes that someone who knows this field well can see through my problem and help guide me, otherwise I could spend months studying something that might not be the right solution to my goal. Thanks.

    Read the article

  • Android: canvas.drawBitmap with Orientation(MagnetField)Sensor

    - by user368374
    hallo, i am developing Android app with orientation sensor. now i got problem. What i want to do is, change scale and position of bitmap which read from sd card. The scale and position depend on value from orientation sensor. i use canvas.drawBitmap(), then it cause problem. the app is just shut down. other drawXXX()methods have no problem..any suggestion? public class AnMagImgtestActivity extends Activity implements SensorEventListener { private SensorManager sensorManager; private MySurfaceView view; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); sensorManager = (SensorManager)getSystemService(SENSOR_SERVICE); view = new MySurfaceView(this); ///make it fullscreen getWindow().addFlags(WindowManager.LayoutParams.FLAG_FULLSCREEN); requestWindowFeature(Window.FEATURE_NO_TITLE); ///give screen a hiropon getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON); setContentView(view); } @Override protected void onResume() { super.onResume(); List sensors = sensorManager.getSensorList(Sensor.TYPE_ORIENTATION); if (sensors.size() 0) { Sensor sensor = sensors.get(0); sensorManager.registerListener(this, sensor, SensorManager.SENSOR_DELAY_GAME); } } @Override protected void onPause() { super.onPause(); sensorManager.unregisterListener(this); } @Override public void onAccuracyChanged(Sensor sensor, int accuracy) { } @Override public void onSensorChanged(SensorEvent event) { view.onValueChanged(event.values); } class MySurfaceView extends SurfaceView implements SurfaceHolder.Callback{ public MySurfaceView(Context context) { super(context); getHolder().addCallback(this); } @Override public void surfaceChanged(SurfaceHolder holder, int format, int width, int height) { onValueChanged(new float[3]); } @Override public void surfaceCreated(SurfaceHolder holder) { } @Override public void surfaceDestroyed(SurfaceHolder holder) { } void onValueChanged(float[] values) { Canvas canvas = getHolder().lockCanvas(); //String imgfn = "/sdcard/seekcamera"+"/"+regcode+"/to"+"/"+tempnum+".jpg"; String imgfn = "/sdcard/seekcamera"+"/de"+"/to"+"1.jpg"; //String imgfn = "/sdcard/seekcamera"+"/00"+"/00"+"/"+"42.jpg"; File mf = new File(imgfn); Bitmap bitmap0 = BitmapFactory.decodeFile(mf.getPath()); if (canvas != null) { Paint paint = new Paint(); paint.setAntiAlias(true); paint.setColor(Color.GREEN); paint.setTextSize(12); canvas.drawColor(Color.BLACK); paint.setAlpha(200); for (int i = 0; i < values.length; i++) { canvas.drawText("values[" + i + "]: " + values[i], 0, paint.getTextSize() * (i + 1), paint); } paint.setColor(Color.WHITE); paint.setTextSize(100+values[2]); paint.setAlpha( (int) (255-values[2])); canvas.drawText("Germany", values[0]*1+20, paint.getTextSize() * 1+values[2]-80, paint); ///here is the problem.. canvas.drawBitmap(bitmap0, values[0],values[1], paint); getHolder().unlockCanvasAndPost(canvas); } } } }

    Read the article

  • How to draw some lines in a view element defined in the xml layout

    - by Nils
    Hello, I have problems drawing some simple lines in a view object (Android programming). First I created the layout with the view element(kind of painting area) in it (XML file). [...] < View android:id="@+id/viewmap" android:layout_width="572px" android:layout_height="359px" android:layout_x="26px" android:layout_y="27px" [...] ... and tried then to access it to draw some lines. Unfortunately the program is running and other UI elements like buttons are displayed, but I can't see the drawings. What's wrong ? [...] viewmap = (View) findViewById(R.id.viewmap); Canvas canvas = new Canvas(); viewmap.draw(canvas); Paint p = new Paint(); p.setColor(Color.BLUE); p.setStyle(Paint.Style.STROKE); canvas.drawColor(Color.WHITE); p.setColor(Color.BLUE); canvas.drawLine(4, 4, 29, 5, p); p.setColor(Color.RED); viewmap.draw(canvas); [...] Thanks for help :) !

    Read the article

  • Having trouble with event creation using the events.create API with the iPhone SDK

    - by MahatmaManic
    I'm using the FBConnect library in my iPhone app, and I'm trying to create Facebook events. After getting a valid session and verifying permissions, I'm using events.create and getting what looks like a valid event ID back from FB in a success response. Oddly the event isn't showing up on my account's Events page either in current or in past events. I thought the problem might be that the event might not include me as an attendee so I followed the successful events.create call with an events.rsvp call to set my status to "attending". That also gets back success from FB, but I'm still not seeing anything show up. Am I missing a step? Is there something other than Create and then RSVP that I need to do, or is there an error with the api/Facebook? I don't think I'm missing any of the required fields for event creation (name and start_time) and I am populating a lot of the other fields in event_info...

    Read the article

  • Embedding Youtube Videos on user's wall with the Javascript API

    - by dragonmantank
    I'm attempting to embed a Youtube video on a user's wall using the Javascript API. I've poured over a bunch of different tutorials and came up with this: var data = { method: 'feed', link: current_video_url, // Link to the vide on our site source: current_video_src, // Link to the Youtube video, http://youtube.com/v/[hash] picture: current_picture_url, // Thumbnail from youtube title: current_video_title, // Title from our page caption: current_video_description // Text from our page } FB.ui(data); Running the Facebook Debugger shows that the current_video_url link is being properly parsed for OG tags and is available as an embedded video. I ran a debugger and all the variables are being properly set in the data variable. This worked fine for about 2 days, and then we pushed the site live. We set up a new AppID in Facebook but now all the videos are just thumbnails instead of being embedded in the user's wall. I thought maybe this is a problem with the live site but now the dev site is broken too. What's the best way to get this to work consistently?

    Read the article

  • Webview can't type in, is that because of missing setting?

    - by Pentium10
    I have an Android application that connects to Facebook to request authorization of an Application. I use the following setting in the WebView, but once the view is loaded, I can't type in login details. What I am missing? WebView webview; webview = (WebView) findViewById(R.id.facebookview); webview.getSettings().setJavaScriptEnabled(true); webview.setWebViewClient(new FacebookWebViewClient()); webview .loadUrl("http://www.connect.facebook.com/login.php?return_session=1&nochrome=1&fbconnect=1&extern=2&connect_display=popup&api_key=" + FConnect.API_KEY + "&v=1.0&next=" + FConnect.SUCCESS_URL + "%3Ffb_login%26fname%3D_opener&cancel_url=" + FConnect.CANCEL_URL + "%23fname%3D_opener%26%257B%2522t%2522%253A3%252C%2522h%2522%253A%2522fbCancelLogin%2522%252C%2522sid%2522%253A%25220.741%2522%257D&channel_url=" + FConnect.XD_RECEIVER);

    Read the article

  • Get the ID of user that like my page.

    - by jon
    Hello I would like to know if there is any API feature that can tell me which users liked my application page. I know that it is possible to check if a user is a fan of any given Page using page.isFan verification or to get the number of fans. But is it possible to get the fans' User ID? If so, is it possible to get that data ordered by the date they became fans of the page? For exemple usign FQL i can get the user ID of someone o like an facebook object like post or photo. http://developers.facebook.com/docs/reference/fql/like Can i do this for the people who liked my page? Thanks for any help or guideline .

    Read the article

  • Uploading a picture to a album using the graph api

    - by kielie
    Hi guys, I am trying to upload an image to a album, but it's not working, here is the code I am using, $uid = $facebook->getUser(); $args = array('message' => $uid); $file_path = "http://www.site.com/path/to/file.jpg"; $album_id = '1234'; $args['name'] = '@' . realpath($file_path); $data = $facebook->api('/'. $album_id . '/photos', 'post', $args); print_r($data); This code is in a function.php file that gets called when a user clicks on a button inside of a flash file that is embedded on my canvas, so basically what I want it to do is, when the flash takes a screen shot and passes the variable "image" to the function, it should upload $_GET['image'] to the album. How could I go about doing this? Thanx in advance!

    Read the article

  • css file not getting updated

    - by fusion
    the font of the content of my facebook app keeps getting italicized even when i've removed the italics from the css file. if i make minor changes in the css file and upload it to the server, the firebug shows the unedited previous css file and hence, the app keeps showing unformatted content. what exactly is going wrong here? i made a new css file and copied the contents of the previous css exactly as it was, and i linked it in all the files which require css. but when i upload these files to the server, facebook canvas doesn't show any css at all. i replaced the css filename with the previous one, and it works. why is this?

    Read the article

  • Can you call FB.login inside a callback from other FB methods (like FB.getLoginStatus) without triggering popup blockers?

    - by Erik Kallevig
    I'm trying to set up a pretty basic authentication logic flow with the FB JavaScript SDK to check a user's logged-in status and permissions before performing an action (and prompting the user to login with permissions if they are not)... User types a message into a textarea on my site to post to their Facebook feed and click's a 'post to facebook' button on my site. In response to the click, I check user's logged in status with FB.getLoginStatus In the callback to FB.getLoginStatus, if user is not logged in, prompt them to login (FB.login). In the callback to FB.login I then need to make sure they have the right permissions so I make a call to FB.api('/me/permissions') -- if they don't , I again prompt them to login (FB.login) The problem I'm running into is that anytime I try to call FB.login inside a callback to other FB methods, the browser seems to lose track of the origin of execution (the click) and thus will block the popup. I'm wondering if I'm missing some way to prompt the user to login after checking their status without the browser mistakenly thinking that it's not a user-initiated popup? I've currently fallen back to just calling FB.login() first regardless. The undesired side effect of this approach, however, is that if the user is already logged-in with permissions and I'm still calling FB.login, the auth popup will open and close immediately before continuing, which looks rather buggy despite being functional. It seems like checking a user's login status and permissions before doing something would be a common flow so I feel like I'm missing something. Here's some example code. <div onclick="onClickPostBtn()">Post to Facebook</div> <script> // Callback to click on Post button. function onClickPostBtn() { // Check if logged in, prompt to do so if not. FB.getLoginStatus(function(response) { if (response.status === 'connected') { checkPermissions(response.authResponse.accessToken); } else { FB.login(function(){}, {scope: 'publish_stream'}) } }); } // Logged in, check permissions. function checkPermissions(accessToken) { FB.api('/me/permissions', {'access_token': accessToken}, function(response){ // Logged in and authorized for this site. if (response.data && response.data.length) { // Parse response object to check for permission here... if (hasPermission) { // Logged in with permission, perform some action. } else { // Logged in without proper permission, request login with permissions. FB.login(function(){}, {scope: 'publish_stream'}) } // Logged in to FB but not authorized for this site. } else { FB.login(function(){}, {scope: 'publish_stream'}) } } ); } </script>

    Read the article

  • How do I change the name of an application tab?

    - by Tom Rom
    I'm working on a facebook page for a client and with the new profiles pages starting to roll out I've come across an issue with the name of the app I created. The original profiles which most of you will see here - http://www.facebook.com/DrMartyBecker says "Welcome" as the tab name. On the new profile pages the tab says 'drMARTY', I can't find the place where I can modify the name. So i was wondering if there was a way to change this and where. Thanks for the help!

    Read the article

  • echoing our parts of an Array?

    - by Wes
    I have the following array that I get as an output from facebook: http://www.paste.to/v/1jntlnml With the following code: $stream = $facebook->api_client->stream_get('',128342905144,'0','0',30,'','','',''); foreach($stream as $wallpost) { echo '<pre>'; print_r($wallpost); echo '</pre>'; } So I get the data that I need, but I want to call the individual variables within this array. For example, echo out the [message] for each post. Since it only loops once, I cant echo $wallpost['message'] or anything similar. any idea?

    Read the article

  • Why would a FaceBook application "work" on a profile, but not a page?

    - by edt
    I made a FaceBook application that works fine on profiles, but I can't figure out how to get it to show on a FaceBook page. For example, after I visit the application canvas URL, allow the application, then edit application settings and "add" to box and tab view... I cannot click the "plus" symbol to the left of the tabs in order to add a tab for the application. It does not appear in the list of available applications. Meanwhile, the application is working/showing up on profiles with no issues. I DID check the "Installable to Pages" checkbox on the application (authentication tab) settings. What could cause this? Here is the application canvas URL: http://apps.facebook.com/russian_girls/

    Read the article

  • vs2010 wpf c#: how to get friends list from facebook? (Desktop application)

    - by Ash
    As per this link code from stack overflow i have try this code for getting friendslist but after login i got this error "requires valid signature" string APIKey = ConfigurationManager.AppSettings["API_Key"]; string APISecret = ConfigurationManager.AppSettings["API_Secret"]; Facebook.Session.ConnectSession connectsession = new Facebook.Session.ConnectSession(APIKey, APISecret); Facebook.Rest.Api api = new Facebook.Rest.Api(connectsession); var friends = api.Friends.GetLists(); foreach (var friend in friends) { System.Console.WriteLine(friend.name); } guide me to find out the solution Thanks ash

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • MouseLeftButtonUpEvent & Bubbling in Canvas

    - by Maxim
    Hi guys, I think I'm going crazy... I have Canvas with event handlers for MouseMove & MouseLeftButtonUp. However MouseLeftButtonUp is not being fired when it happens with cursor over TextBlock that is inside canvas. (it fires just fine when I release mouse button in empty space of the canvas) I tried attaching handler via AddHandler and using regular += syntax, nothing seems to work. I tried using Canvas.CaptureMouse() but it doesnt seem to work either (CaptureMouse returns true btw). MouseLeftButtonUp just doesnt want to propagate to it's parent when it happens over TextBlock (or any other element with IsHitTestVisible = true) inside Canvas. Please help.

    Read the article

  • Facebook totalement hors-service cette nuit, un employé aurait dévoilé des prototypes par erreur

    Facebook totalement hors-service cette nuit, un employé aurait dévoilé des prototypes par erreur Hier soir (à partir de 22h15 heure française), Facebook a été hors service pendant près de 30 minutes. Le site n'a pourtant subi aucune attaque extérieure. En fait, il a été mis hors ligne par la firme elle-même. En cause ? Lors du passage au nouveau design des pages de marques (avec une galerie photo repensée et de nouvelles fonctionnalités de management des pages), un ingénieur de l'équipe de développement a également déployé certains prototypes internes. Ces brouillons de futurs produits de Facebook auraient dû rester secrets, et c'est pourquoi le site a été désactivé : le temps pour son staff de nettoyer...

    Read the article

< Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >