Facebook To Developers: It’s Time We Had The OAuth, HTTPS Talk
Despite the success of Facebook’s secure logging feature, many developers have yet to embrace the way of HTTPS (as one can easily notice by the lack of support from many popular apps).
In order to prevent a scenario where users have to choose between fun and security, Facebook is giving developers a deadline to embrace HTTPS (as well as OAuth 2.0).
Over the past few weeks, we determined that OAuth is now a mature standard with broad participation across the industry. In addition, we have been working with Symantec to identity issues in our authentication flow to ensure that they are more secure. This has led us to conclude that migrating to OAuth & HTTPs now is in the best interest of our users and developers.
Today, we are announcing an update to our Developer Roadmap that outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1. (Facebook Developers Blog)
While forcing developers to embrace OAuth 2.0 and HTTPS will cause a few developers to whine, doing so will help Facebook cut down on the number of accounts hacked (especially around unsecured hot spots).
Smaller social networks like Twitter have already embraced OAuth 2.0 (not to mention secure logging as well), and Facebook’s adoption will hopefully inspire other social networks with large developer communities to adopt these standards as well.
Darnell Clayton is a geek who discovered blogging long before he heard of the word "blog" (he called them "web journals" then). When he is not tweeting, friendfeeding, or blogging about space, he enjoys running, reading and describing himself in third person.