Facebook

[Chris]

In the most broad sense (implementation, promotion), how do I integrate an existing game with Facebook? Everything I need to know, perfectly if the minimum route is given.

I think there need to be done (simpliest route):
- download SDK
- make register via facebook (asks for username only)
- make login via facebook
- create facebook "Page" with the game description and link
Questions:
- what happens when the session expires?
- how to store the facebook data? I was thinking about a separate "socialnetwork" table that holds only FB userid. The normal user table is filled this way: asked for username, password & email left blank (login via normal (non FB) page disabled if password == NULL)

[Harkins]

The docs (such as they are) are on the wiki: http://wiki.developers.facebook.com Sounds like you're looking to start with Facebook Connect just for logins.

- what happens when the session expires?

When the user's Facebook session expires is irrelevant. When yours expires, do whatever you usually do. Maybe you're asking something I'm not getting?

- how to store the facebook data? I was thinking about a separate "socialnetwork" table that holds only FB userid. The normal user table is filled this way: asked for username, password & email left blank (login via normal (non FB) page disabled if password == NULL)

You can do that, yes. The cleanest way is to separate your authentication data from your player data. So the Player table has things like in-game name, RPG stats, whatever game data you have. The Login table has username/password combos and links to the Player table. Maybe you also have a FacebookLogin table with uids in it.

Alternately, you can just add a facebook_uid column to your existing user table and make the username/password/email fields optional.

[Chris]

- what happens when the session expires?

When the user's Facebook session expires is irrelevant. When yours expires, do whatever you usually do. Maybe you're asking something I'm not getting?

I was asking because I saw "connected" icon in gnohwars, thought it might be something with FB. So, basicly I need to add "LoginViaFacebook" button on each page where I have normal login form.

I also wonder if I should go for standalone (game in a separate page) or canvas (inside FB).

Is 32 bit integer for FB_uid enough?

Any other tips from people who have FB interegrated game already? Am I missing something?

[gnoh]

Nah, that's part of an effort to stop people using the browsers refresh button.  The face book identifiers they give you are strings.

[gnoh]

Appears I was wrong:
http://wiki.developers.facebook.com/index.php/User_ID

[Chris]

Is there any simple example of BBG style login/register system with optional facebook login? All I have seen so far are heavy, full blown FB integration examples.

By the way, I find it amusing that people tend to make tons of useless & repetitive tutorials/examples (like "BBG framework number 10544") while basicly no one make usefull things (like tutorial with source code of a sample BBG integrated with FB)

[gnoh]

They're just user providers, it's basically just a matter of taking a variable they provide like a uid and linking it in to your own account system.

If I were you i'd probably just use rpxnow and i'd pay for the social widget and reward players for publishing.

[bbgames]

By the way, I find it amusing that people tend to make tons of useless & repetitive tutorials/examples (like "BBG framework number 10544") while basicly no one make usefull things (like tutorial with source code of a sample BBG integrated with FB)

Check it out, a tutorial on Facebook connect and an authentication system in under 15 minutes.

[Chris]

I'm starting getting it. It was confusing at the beginning since there is no differentiation of register/login (which makes sense if you think about it .

Where can I find some button image (small one) to use with rpxnow. Like "Connect with (and here icons of the social networks)" or something whatever should be used for such button. Or drop some examples of sites that used it.
(I'm social network disabled , so I'm very good at not noticing any social network features on the internet, so feel free to drop some obvious examples/info that everyone except me knows already)

[Chris]

Does it make any sense to allow linking more than one social network with one player? Like you can login via facebook and twitter (and both will login you as the same player)?

[gnoh]

Yep that's  considered best practice, I don't do that though I might do eventually if I ever get around to building an external account system to be shared amongst my games.  Although I need to finish one of them first

[Chris]

Geez, didn't know that BBG players hate FB so much. After announcing plans for FB integration I regularly need to explain that it won't spam their profiles and that it is optional and things like that.

I wonder if putting the FB connect button on the homepage will be a smart move...

[Harkins]

Geez, didn't know that BBG players hate FB so much. After announcing plans for FB integration I regularly need to explain that it won't spam their profiles and that it is optional and things like that.

I've seen people split-test phrases to put under their FB login button like "We never post to your wall without your permission" and such.

[gnoh]

You can't post on the wall without there permission anyway,   It's getting even worse with the new data permissions coming into play in a few days.

You've already got rpxnow set up why don't use use there built in facebook implementation and pay for the social widget each publish requires there permission and what I do is reward my players for posting as you do for voting.  The callback from the reward widget actually says if they published or not as well so it's less vulnerable to abuse than your current voting system as well.

Since each post generates on average 3-4 clicks I'm guessing it'll be more valuable for you than the the top lists you already reward for.

[Chris]

How to make long screen inside canvas?

When I set it to "IFrame + Auto-resize" the page has predefined height and bottom is cut (while I saw some games inside FB that have the page adjust its height). How they did it?

[BlackScorp]

they did it with JavaScript SDK from Facebook. actually i saw another nice ide how to implement a game to facebook. They added in the iframe the server selection, after selecting a server a popup was opened with the full game.

http://developers.facebook.com/docs/reference/javascript/FB.Canvas.setSize/

[Chris]

Dear Developer of LordsTestServer,

Our automated systems have detected that you may be inadvertently allowing authentication data to be passed to 3rd parties. Allowing user ids and access tokens to be passed to 3rd parties, even inadvertently, could allow these 3rd parties to access the data the user made available to your site. This violates our policies and undermines user trust in your site and Facebook Platform.

In every case that we have examined, this information is passed via the HTTP Referer Header by the user's browser. This can happen when using our legacy authentication system and including <iframe>, <img> or <script> content from 3rd parties in the page that receives authentication data from Facebook. Our legacy mechanism passes authentication information in the URL query string which, if handled incorrectly, can be passed to 3rd parties by the browser. Our current OAuth 2.0 authentication system, released over a year ago, passes this information in the URL fragment, which is not passed to 3rd parties by the browser.

Please ensure that you are not allowing this data to be passed immediately. Accessing your site as a test user while running a HTTP proxy/monitor like Charles or Fiddler is the best way to determine if you are allowing this information to be passed. If you discover the issue, you can do one of two things:

1. Migrate your site to use our OAuth 2.0 authentication system. We are requiring all apps and sites to update to this mechanism by Sept. 1, 2011. Migrating now will address this issue and ensure that you are one of the first to meet the deadline. For more details, please see our Authentication Guide.

2. Create and use an interstitial page to remove the authentication data before redirecting to your page with 3rd party content. This approach is used by many of our largest developers today (although they are all migrating to OAuth 2.0 shortly). This is a simple and straightforwardchange that should have minimal impact on your site. For more details on this approach, see our Legacy Connect Auth doc.

Because of the importance of ensuring user trust and privacy, we are asking you to complete one of the above steps in the next 48 hours. If you fail to do so, your site may be subject to one of the enforcement actions outlined in our policies.

If you have any questions or believe you have received this message in error, please contact us.

Facebook Developer Relations

Does anyone understand what they want?
It's about this app: http://apps.facebook.com/lordstestserver/

[Harkins]

You're using their legacy auth mechanism, which loads your app with a url like yourgame.com/facebook.php?secret=123&moreinfo=456. If the user loads an iframe or clicks a link from your page, the querystring variables used for authentication will get passed on to another site.

[Chris]

You're using their legacy auth mechanism

LOL, so in short they messed up with their SDK and now want me to replace it with a new one they made that is not as much messed up as the old one or I face consequences This is really funny

OK, anyone, can you drop the link to the CURRENT facebook docs/tutorials that WORKS and have a chance to not being outdated too soon?

[BlackScorp]

http://developers.facebook.com/docs/

just this one

[Harkins]

have a chance to not being outdated too soon?

Heheheh. Facebook breaks stuff constantly. This is the tax you pay if you want to integrate with them, basically you have to redo something every two or three weeks.

[Mufasa]

have a chance to not being outdated too soon?

Heheheh. Facebook breaks stuff constantly. This is the tax you pay if you want to integrate with them, basically you have to redo something every two or three weeks.

Too true, and sad. We ditched the platform.

[Freyr]

Facebook is requiring that all application must use OAuth 2.0, which in turn also means that you will need to provide your content trough an SSL layer.
In simple terms that means you need a cert for applications.

I don't know why they are mailing you now, but it's only going to come in effect officially on 1 June/July.

See here: http://developers.facebook.com/blog/post/497

Dear Developer of LordsTestServer,

Our automated systems have detected that you may be inadvertently allowing authentication data to be passed to 3rd parties. Allowing user ids and access tokens to be passed to 3rd parties, even inadvertently, could allow these 3rd parties to access the data the user made available to your site. This violates our policies and undermines user trust in your site and Facebook Platform.

In every case that we have examined, this information is passed via the HTTP Referer Header by the user's browser. This can happen when using our legacy authentication system and including <iframe>, <img> or <script> content from 3rd parties in the page that receives authentication data from Facebook. Our legacy mechanism passes authentication information in the URL query string which, if handled incorrectly, can be passed to 3rd parties by the browser. Our current OAuth 2.0 authentication system, released over a year ago, passes this information in the URL fragment, which is not passed to 3rd parties by the browser.

Please ensure that you are not allowing this data to be passed immediately. Accessing your site as a test user while running a HTTP proxy/monitor like Charles or Fiddler is the best way to determine if you are allowing this information to be passed. If you discover the issue, you can do one of two things:

1. Migrate your site to use our OAuth 2.0 authentication system. We are requiring all apps and sites to update to this mechanism by Sept. 1, 2011. Migrating now will address this issue and ensure that you are one of the first to meet the deadline. For more details, please see our Authentication Guide.

2. Create and use an interstitial page to remove the authentication data before redirecting to your page with 3rd party content. This approach is used by many of our largest developers today (although they are all migrating to OAuth 2.0 shortly). This is a simple and straightforwardchange that should have minimal impact on your site. For more details on this approach, see our Legacy Connect Auth doc.

Because of the importance of ensuring user trust and privacy, we are asking you to complete one of the above steps in the next 48 hours. If you fail to do so, your site may be subject to one of the enforcement actions outlined in our policies.

If you have any questions or believe you have received this message in error, please contact us.

Facebook Developer Relations

Does anyone understand what they want?
It's about this app: http://apps.facebook.com/lordstestserver/

[Chris]

Any news on the OAuth 2.0? It's after 1 June/July. Have they made it obligatory already? Have all outdated apps stopped working/were banned?

[Ben Adams]

Secure Canvas URL will be required on October 1, 2011 - not sure about the dates on OAuth