New SSL Certificate To Be In Place By 1st October
I have been reading the developer blog on Facebook this morning and stumbled across this article saying that all Canvas pages are to use OAuth and SSL.
• an SSL Certificate is required for all Canvas and Page Tab apps (not in Sandbox mode)
Does this really mean that any application that has been created before this date will stop working? Am I really going to have to buy an SSL certificate for each application?
Yes looks like it. They told developers on 11th May 2011 :
Today, we are announcing an update to our Developer Roadmap that outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1.
Migration to OAuth 2.0 + HTTPS timeline:
- July 1: Updates to the PHP and JS SDKs available that use OAuth 2.0 and have new cookie format (without access token). September 1: All apps must migrate to OAuth 2.0 and expect an encrypted access token.
- October 1: All Canvas apps must process signed_request (fb_sig will be removed) and obtain an SSL certificate (unless you are in Sandbox mode). This will ensure that users browsing Facebook over HTTPS will have a great experience over a secure connection. We believe these changes create better and more secure experiences for users of your app. A migration plan below outlines the potential impact on your apps.
Please Note: An SSL certificate is not required for user authentication on your site, Likes, Comments or other things. It's only used if you want to show your site (or parts of it) inside the Facebook.com domain.
Once your SSL certificate is installed on your site, you'll simply need to enter your new secure URL into the "Secure Canvas URL" and "Secure Tab URL". To obtain and install an SSL Certificate, we've partnered with The SSL Store in order to make the process as smooth as possible. SSL Certificates that work with Facebook can be purchased for as little as $11/year (multi-year) or $18 for just one year.
Purchasing a certificate through The SSL Store takes about 10 minutes and they have a 30-day money back guarantee.
Below are instructions on how to purchase a new SSL certificate for your site so that you can use the Facebook Page features without any issue.
It does seem that you need to have one, and not one per app.
- → Import statement and Babel
- → Getting Comments of comments Facebook API
- → Facebook Developer API in reactjs code
- → Facebook PHP SDK - Graph Error "Authorization code has been used" on page refresh
- → How is possible to open website inside facebook mobile app like buzzfeed?
- → Laravel - set meta tag dynamically with @section
- → Do Flux (by Facebook) handle server side update with sockets
- → understanding of real example open graph protocol
- → flynsarmy-sociallogin (Facebook api) in octoberCMS - Authentication failed! Facebook returned an invalid user id
- → Open Graph data facebook
- → Putting Facebook photos on canvas, taint canvas when trying to send it toDataURL. Can I set Facebook's header for CORS?
- → OctoberCMS plugin SEO Meta Og image
- → Shopify + og:image resulting in "was not a valid URL."