Facebook To Developers: It’s Time We Had The OAuth, HTTPS Talk

Filed as News on May 10, 2011 7:03 pm

Despite the success of Facebook’s secure logging feature, many developers have yet to embrace HTTPS, as the lack of support in many popular apps makes plain.

In order to prevent a scenario where users have to choose between fun and security, Facebook is giving developers a deadline to embrace HTTPS (as well as OAuth 2.0).

Over the past few weeks, we determined that OAuth is now a mature standard with broad participation across the industry. In addition, we have been working with Symantec to identify issues in our authentication flow to ensure that they are more secure. This has led us to conclude that migrating to OAuth & HTTPS now is in the best interest of our users and developers.

Today, we are announcing an update to our Developer Roadmap that outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1. (Facebook Developers Blog)

While forcing developers to embrace OAuth 2.0 and HTTPS will cause a few developers to whine, doing so will help Facebook cut down on the number of accounts hacked (especially around unsecured hot spots).

Smaller social networks like Twitter have already embraced OAuth 2.0 (not to mention secure logging), and Facebook’s adoption will hopefully inspire other social networks with large developer communities to adopt these standards as well.
