node ninja
Reputation: 33026
Why was an app secret not required for this Facebook app to work?
I've been experimenting with making Facebook apps and I'm still not clear on app IDs and secrets.
I tried this code on github and got it working. I noticed that it only requires an app ID and the correct url to work, but nowhere do you need to enter an app secret.
Why was an app secret not required?
Upvotes: 2
Views: 702
Answers (1)
Gil Birman
Reputation: 35920
The app secret is not required on the client side. In fact, it is a security risk to store the app secret on the client side. By client side I mean in JavaScript, iOS, etc. The only purpose for the app secret is on your web server. For example, if you are making an API call from PHP on behalf of the user you must use the app secret.
Upvotes: 2
Related Questions
- why do I get "Invalid appsecret_proof provided in the API argument"
- Facebook has detected that 'App' isn't using a secure connection to transfer information
- Facebook OmniAuth throwing parameter app_id required when deployed on Heroku
- how to setup facebook app for heroku site for rails?
- Facebook JS SDK does not need app secret to authenticate : How secure is it?
- Heroku app on new deployment signs out all users
- in heroku login ssh public key cannot be generated for facebook apps
- Facebook PHP app on Heroku not receiving signed_request
- Problems configuring an application in Facebook (website with Facebook login)
- Problem creating Facebook application with heroku