
Facebook integration - using Andre Garzia approach

Posted: Fri May 03, 2013 9:01 pm
by theagilepad
I managed to get the Facebook code from Andre Garzia to work in terms of retrieving names with birthdays from Facebook using the Graph API (and I am happy to supply this). I do have a few questions:

1) If I embed the Facebook appid and secret key in the code, could it be accessed by, say, a hacker after it has been downloaded from the iTunes App Store? Or is the downloaded binary unreadable?
2) The approach used by Andre Garzia is a web-based approach using HTTPS, OAuth, POST and GET. Has anyone used this approach and had it approved by Apple? Are there any issues with using this approach with Facebook? I.e. do Facebook prefer you to write an external using the iOS-supplied libraries, and do Apple frown on not using the Objective-C libraries in order to access Facebook?
3) The documentation on the RunRev lesson states that you only need to create an appid and secret key. Do I need to do anything else in Facebook? I have managed to get the access to work with just an appid and secret key. The documentation does mention a website, but is this necessary?


Paul Johnson
theAgilePad
Manchester - England
m : 07818 832421

Re: Facebook integration - using Andre Garzia approach

Posted: Sun May 05, 2013 12:01 pm
by BvG
Probably best to ask Andre directly, or invite him to answer here?

http://www.andregarzia.com

Re: Facebook integration - using Andre Garzia approach

Posted: Sat Jul 20, 2013 3:18 am
by William Jamieson
I am interested in the answers to your questions as well. Has there been any progress in this area?

Re: Facebook integration - using Andre Garzia approach

Posted: Wed Jul 24, 2013 12:39 am
by SteveTX
1. Yes, it can be extracted. The risk of the secret key being extracted is that a motivated hacker could use the key to enumerate user accounts or perform a brute-force attack to gain access as your app to your OAuth providers. However, embedding it is probably fine for a medium/low-profile application.

2. It is approved; that is the primary purpose for the protocol to be exposed and implemented via API, because who wants to have to create another account for every app and website? The current publicly available OAuth implementations for LiveCode are OAuth 1.0, which are very out of date. I use an external to implement native-c access via OAuth 2.0.

3. Nope, you should be good to go.
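
Added example, not part of the thread or of any poster's code: a pre-release check related to question 1 and the first answer above, which scans an unpacked app build for a known secret in a few common encodings. The function names, the `Sample.app` layout and the secret value are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path


def secret_encodings(secret: str) -> dict[str, bytes]:
    """Byte patterns under which a string constant can end up in a build."""
    raw = secret.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": secret.encode("utf-16-le"),
        "hex": raw.hex().encode("ascii"),
        # Padding stripped so the value also matches when stored unpadded.
        "base64": base64.b64encode(raw).rstrip(b"="),
    }


def find_embedded_secret(blob: bytes, secret: str) -> list[tuple[str, int]]:
    """Return (encoding, offset) for every occurrence of the secret in blob."""
    hits = []
    for name, pattern in secret_encodings(secret).items():
        start = blob.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = blob.find(pattern, start + 1)
    return hits


def scan_build(root: Path, secret: str) -> dict[str, list[tuple[str, int]]]:
    """Scan every file under an unpacked build directory (e.g. an .app bundle)."""
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = find_embedded_secret(path.read_bytes(), secret)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


if __name__ == "__main__":
    secret = "0123456789abcdef0123456789abcdef"  # constructed placeholder value
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Sample.app"  # constructed stand-in for a real bundle
        app.mkdir()
        (app / "Sample").write_bytes(b"\x00" * 20 + secret.encode("utf-16-le"))
        (app / "Info.plist").write_bytes(b"<string>" + secret.encode() + b"</string>")
        for name, hits in scan_build(app, secret).items():
            print(f"FOUND in {name}: {hits}")
```

A clean result only rules out these encodings; a secret that the app assembles at run time is still shipped with the app.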