{ "id": "88982", "key": "TIMOB-8339", "fields": { "issuetype": { "id": "2", "description": "A new feature of the product, which has yet to be developed.", "name": "New Feature", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "13573", "description": "Sprint 2012-15 API", "name": "Sprint 2012-15 API", "archived": true, "released": true, "releaseDate": "2012-07-30" } ], "resolution": { "id": "6", "description": "", "name": "Hold" }, "resolutiondate": "2012-07-19T14:41:42.000+0000", "created": "2012-03-27T15:48:23.000+0000", "priority": { "name": "High", "id": "2" }, "labels": [ "api" ], "versions": [ { "id": "12593", "name": "Release 2.0.0", "archived": false, "released": true, "releaseDate": "2012-03-30" }, { "id": "13070", "description": "Release 1.8 Service Pack 2", "name": "Release 1.8.2", "archived": true, "released": true, "releaseDate": "2012-02-29" }, { "id": "13270", "description": "Release 1.8 Service Pack 3 (CI for 1_8_X)", "name": "Release 1.8.3", "archived": true, "released": false } ], "issuelinks": [ { "id": "16818", "type": { "id": "10001", "name": "Cloners", "inward": "is cloned into", "outward": "is cloned from" }, "inwardIssue": { "id": "90768", "key": "TIMOB-8865", "fields": { "summary": "iOS - Facebook offline_access deprecation", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "High", "id": "2" }, "issuetype": { "id": "2", "description": "A new feature of the product, which has yet to be developed.", "name": "New Feature", "subtask": false } } } }, { "id": "18342", "type": { "id": "10011", "name": "Includes", "inward": "is included by", "outward": "includes" }, "inwardIssue": { "id": "94531", "key": "TIMOB-9900", "fields": { "summary": "TiAPI: Update Facebook SDK to latest version on all platforms", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Critical", "id": "1" }, "issuetype": { "id": "7", "description": "gh.issue.story.desc", "name": "Story", "subtask": false } } } } ], "assignee": { "name": "pwang", "key": "pwang", "displayName": "Ping Wang", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2017-03-21T21:13:13.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "h4. Problem Description\r\nMail from FB with updates on the Android SDK, deprecating offline mode: \r\n\r\n\"We recently made some important updates to the Facebook SDK for Android, and strongly encourage you to update to version 1.2.1 of the SDK in your app (VIN Viper). Specifically, this update includes:\r\n\r\nA bugfix for a null pointer exception when using the SDK with older versions of the Facebook for Android App Full support for the offline_access deprecation Reduced debug logging by the SDK to make apps more secure by default for users who may have malware installed on their devices You can download the latest SDK here: https://github.com/facebook/facebook-android-sdk/. Offline access will no longer be available as of May 1, 2012, and you can make sure your Android app is prepared by following our guide here: https://developers.facebook.com/roadmap/offline-access-removal/\"\r\n\r\nh4. HD Discussion \r\nhttp://support-admin.appcelerator.com/display/15810", "attachment": [], "flagged": false, "summary": "Android: Facebook offline_access deprecation", "creator": { "name": "mpmiranda", "key": "mpmiranda", "displayName": "Mauro Parra-Miranda", "active": true, "timeZone": "America/Mexico_City" }, "subtasks": [], "reporter": { "name": "mpmiranda", "key": "mpmiranda", "displayName": "Mauro Parra-Miranda", "active": true, "timeZone": "America/Mexico_City" }, "environment": null, "comment": { "comments": [ { "id": "201947", "author": { "name": "pwang", "key": "pwang", "displayName": "Ping Wang", "active": true, "timeZone": "America/Los_Angeles" }, "body": "PR https://github.com/appcelerator/titanium_mobile/pull/2517", "updateAuthor": { "name": "pwang", "key": "pwang", "displayName": "Ping Wang", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-06T15:43:03.000+0000", "updated": "2012-07-06T15:43:03.000+0000" }, { "id": "208484", "author": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "body": "The story so far:\r\n\r\nFacebook changed its API and we updated to the new API. This is already in master and 2.1.1. Facebook does have a beta of their next API, but since this is a beta, it's not for consideration yet.\r\n\r\nPing and I have looked over the SDK exposed by Facebook that isn't beta 3, and we found the following new APIs that are not yet exposed:\r\n{quote}\r\nTwo new events:\r\nTitanium.Facebook.addEventListener('tokenextended', updateLoginStatus);\r\nTitanium.Facebook.addEventListener('tokenexpired', updateLoginStatus);\r\n\r\nTokenextended fires when the session has been extended.\r\nTokenexpired fires when the session has been expired either by the token being too old, the user changing their password, or the user removing the app from their Facebook.\r\n\r\nOne new property:\r\nTitanium.Facebook.shouldExtendAccessToken\r\nThis is a boolean, mapping directly to Facebook's API, which will return true if the access token has not been extended in the last 24 hours.\r\n\r\nOne new function:\r\nTitanium.Facebook.extendAccessToken(force)\r\nForce is an optional boolean, default false. If force is false, extendAccessToken will only act if shouldExtendAccessToken is true.\r\nIf force is true, it will try to extend the access token anyways.\r\n\r\nThere was one feature for Facebook's iOS API that is missing in Facebook's Android API (known as frictionless requests) and as such, that was not exposed for reason of there being no way of offering parity.\r\n{quote}\r\n\r\nThis was the intended spec. However, in testing this out (Yes, both Ping and I have implemented these already, but wanted to polish it up and test it out) with FB's servers, we've discovered a few things:\r\n\r\nFacebook's API, by default on native apps, sets the session duration to 90 days. We can try to spoof this to be a shorter time for testing purposes, but given the data on FB's own server, this would not be a fully accurate test. Furthermore, the Facebook API automatically calls extendAccessToken internally whenever it logs in or makes a data request. In rereviewing the documentation at https://developers.facebook.com/roadmap/offline-access-removal/, this behavior is documented as expected behavior for legacy and new iOS and Android apps.\r\n\r\nI do not have the data on customer demand for extending access tokens above and beyond what we're given already. As such, this new API may prove to offer very little actual utility and may prove difficult to conclusively test. I'd like some guidance on this, or rather, what is required of us for the Facebook API beyond what is currently implemented and various bug fixes. Given that Facebook has not updated the API code for several months, it is likely that there will be nothing new on the native API until Facebook's 3.0 API leaves beta.", "updateAuthor": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-19T11:43:13.000+0000", "updated": "2012-07-19T11:43:13.000+0000" }, { "id": "208514", "author": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Shak, could you contact the customer about if they need this functionality above and beyond what we already provide?", "updateAuthor": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-19T14:41:27.000+0000", "updated": "2012-07-19T14:41:27.000+0000" }, { "id": "208515", "author": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Waiting for customer feedback", "updateAuthor": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-19T14:41:42.000+0000", "updated": "2012-07-19T14:41:42.000+0000" }, { "id": "210978", "author": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I am one of the customers that has been asking for this. (Strange that neither helpdesk nor email convo notified me in any way that this was being put on hold)\r\n\r\nWhat we need and that hasn't been working until now is some way to do the following:\r\n\r\nCheck if the user's facebook token stopped being valid for some reason. If yes - obtain a new access token and store it. That's it. It seems Titanium.Facebook.extendAccessToken would do just that?", "updateAuthor": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-01T08:49:27.000+0000", "updated": "2012-08-01T08:49:27.000+0000" }, { "id": "210979", "author": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "body": "If you want a way to test if your fix works you can simply change the password of the Facebook user, which invalidates all access tokens.", "updateAuthor": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-01T08:52:56.000+0000", "updated": "2012-08-01T08:52:56.000+0000" }, { "id": "210982", "author": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "body": "By the way, the PR by Ping Wang seems to be Android-specific, can you confirm that you have also implemented this for iOS?\r\n\r\nAnd preferably provide some sort of documentation or example code of how to use it. ", "updateAuthor": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-01T08:54:37.000+0000", "updated": "2012-08-01T08:54:37.000+0000" }, { "id": "211043", "author": { "name": "pwang", "key": "pwang", "displayName": "Ping Wang", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Sergej Kotliar, the Facebook update for iOS has also been implemented. The PR is https://github.com/appcelerator/titanium_mobile/pull/2530/", "updateAuthor": { "name": "pwang", "key": "pwang", "displayName": "Ping Wang", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-01T11:17:52.000+0000", "updated": "2012-08-01T11:17:52.000+0000" }, { "id": "212101", "author": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "body": "It turns out that the Facebook API for extending an access token works ONLY when a token is still valid. That is, once the token's invalid, the ONLY way to renew it is to have the user log back in and restore permissions. This is by design, as the Facebook user may remove an application's permissions, and allowing the application to reestablish connections without the user's consent would be a violation of security and privacy.\r\n\r\nThe reason we don't automatically try to log in on failure is because it is possible that the end developer intends to fail silently on failure, and interrupting their code flow with unexpected UI would be bad design.", "updateAuthor": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-06T10:39:07.000+0000", "updated": "2012-08-06T10:39:07.000+0000" }, { "id": "213137", "author": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Alright, but that being so, there must be a way of checking from within an app something along the following:\r\n\r\nif(user was ever logged in){\r\n if(access_token_is_valid && access_token_needs_extending){\r\n extend_access_token();\r\n } else {\r\n show_login_screen();\r\n }\r\n}\r\n\r\nCurrently AFAIK there is no way to perform this operation from within the app.", "updateAuthor": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-07T08:30:46.000+0000", "updated": "2012-08-07T08:30:46.000+0000" }, { "id": "213530", "author": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "body": "{code}\r\nvar fb=require('facebook')\r\nif(!fb.loggedIn){\r\n fb.dialog(...);\r\n}\r\n{code}\r\n\r\nIn the updated Facebook SDK that we're using, logging in or accessing anything from FB automatically tries to extend the token up to 90 days, making any API for it moot.", "updateAuthor": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-09T08:09:32.000+0000", "updated": "2012-08-09T08:11:08.000+0000" }, { "id": "213971", "author": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Alright, but what if I don't want to access anything on FB but only extend the access token, which is then used in other places? \r\n\r\nAnd what is the story with these functions that you mentioned earlier? \r\n\r\nTitanium.Facebook.shouldExtendAccessToken\r\nTitanium.Facebook.extendAccessToken(force)\r\n\r\nAre they available? They seem to be using the old, non CommonJS approach, unlike the one you seem to be using above (that I haven't really seen anywhere). Can we get some documentation?", "updateAuthor": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-08-13T01:28:31.000+0000", "updated": "2012-08-13T01:28:31.000+0000" }, { "id": "217561", "author": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[Require|http://docs.appcelerator.com/titanium/2.1/index.html#!/api/Global-method-require] can be used to get Titanium modules. Titanium.Facebook.loggedIn is the same as require('facebook').loggedIn. In an effort to make things more modular and align closer with commonJS modules, the latter is suggested.\r\n\r\nThe story of shouldExtendAccessToken and extendAccessToken was that it actually was implemented internally, and when it came to test, Ping and I realized that it was actually quite impossible to verify. Expiring by revoking privileges is simple enough, but would not test extensions (as they were already expired, and thus, could not be extended). The only way to test shouldExtendAccessToken and extendAccessToken would be to not use the phone for 2-3 months, per test. We don't have any ties to Facebook, so we couldn't just have them tweak the token expiration time for us to test.\r\n\r\nIt wasn't an easy decision to make, especially since it meant throwing away my own work, but I couldn't in clear conscience introduce untested and untestable API that at best does nothing 99% of the time.", "updateAuthor": { "name": "blainhamon", "key": "blainhamon", "displayName": "Blain Hamon", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-09-04T20:11:31.000+0000", "updated": "2012-09-04T20:11:31.000+0000" }, { "id": "219689", "author": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "updateAuthor": { "name": "ziggamon2", "key": "ziggamon2", "displayName": "Sergej Kotliar", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-09-19T06:08:15.000+0000", "updated": "2012-09-19T06:08:15.000+0000" }, { "id": "414422", "author": { "name": "lmorris", "key": "lmorris", "displayName": "Lee Morris", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Closing ticket due to the time that has passed since this was filed.", "updateAuthor": { "name": "lmorris", "key": "lmorris", "displayName": "Lee Morris", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2017-03-21T21:13:13.000+0000", "updated": "2017-03-21T21:13:13.000+0000" } ], "maxResults": 17, "total": 17, "startAt": 0 } } }