Summary: Logging was turned on unconditionally before, which led to apps leaking sensitive data. This change puts the logging api behind an explicit gate that developers have to turn on. It's unfortunate that this isn't automatic - ideally this would automatically turn on for non-release signed bits. I couldn't find such a check in Android framework. If android experts have better ways of tackling this, i'm all ears. But bear in mind this is a security fix and needs to go out asap. Test Plan: Launched in default mode and verified no logging in emulator. Turned on log gate and verified logging. Reviewers: mmarucheck, lshepard, yariv, raghuc1 Reviewed By: mmarucheck CC: gregschechte, jacl Differential Revision: https://phabricator.fb.com/D411377 Task ID: 933141
Summary: The TokenRefresh intent is exposed as a service, but we were validating it as an activity. Fixign that and refactoring code. This code should have never worked. Note that without the FB app the refresh token feature will not work. If that is necessary, it's not part of this diff. Test Plan: Verify that hackbook can login & refresh token on the emulator. Reviewers: mmarucheck, yariv, ttung, raghuc1, trvish, pfung Reviewed By: mmarucheck CC: gregschechte, jacl, lshepard Differential Revision: https://phabricator.fb.com/D410960 Task ID: 926377
Summary: This allows developers to silently refresh their access token by calling Facebook.refreshToken method. This SDK will try to call our Facebook Android App which will handle the API call. Test Plan: This requires adding a refresh token service to our sdk. See D364973. After that try using the new Hackbook example. Reviewers: jimbru, raghuc1, brent, dalves, ttung, yariv Reviewed By: jimbru CC: dalves, jimbru Differential Revision: https://phabricator.fb.com/D366540 Task ID: 799996
Summary: There are two types of access tokens: - ones that doesn't expire (expiresIn == 0) - ones that have some expiration period( (expiresIn > 0) When we receive a new token from FB server for both them we call the setAccessExpiresIn method. Because of that: 1. We shouldn't ignore the "0" value 2. We should also expect tokens that have long expiration period. For example 60 days is 2592000000000 miliseconds which is too much for an integer variable to handle :) Test Plan: Tried Login In / Logout for both types of tokens. Reviewers: jimbru, yariv Reviewed By: jimbru CC: kamil, jimbru Differential Revision: 370353
Summary: Cleaning of the Hackbook code. Main reason of this commit is mixing tabs and white spaces inside the code, which makes the code ugly (for example browsing the code inside github). In addition I also refactored few other things: - I tried to wrap the lines to 100 characters per line (80 per comments) - at least in those places where it made sense - Remove trailing whitespaces and unnecessary blank lines - Add missing @Override adnnotations - Fixed syntax in some places (like "for(i=0;..." -> "for (i = 0;...") - Added missing 'static' keywords Test Plan: Run the app and see if everything works :-) Reviewers: jimbru, raghuc1, vksgupta, dalves Reviewed By: dalves CC: platform-diffs@lists, nbushak, dalves Differential Revision: 370079
Summary: This is the android sdk side of D340841. The hope is that developers will be able to take the key they passed in and past it into their application, thus skipping the necessity of having keytool and openssl. It also reduces frustration. Test Plan: This requires a change to our sdk :-/, which currently dosn't show error descriptions. Anyone know how I can push a change to the git repo? We start with non-useful error message. After applying this and the sdk change, we get the message https://our.intern.facebook.com/intern/pixelcloud/image.php?id=31789 after pasting in our key from the message, sso succeeds https://our.intern.facebook.com/intern/pixelcloud/image.php?id=31787 Reviewers: yariv, jimbru, ahimel, brent, lshepard Reviewed By: jimbru CC: platform-diffs@lists, ptarjan, naitik, rhe, jimbru, yariv, lshepard Differential Revision: 341355 Revert Plan: ok Platform Impact (PUBLIC): Android SSO invalid_key failures will now contain the key that developers attempted to use. If this key were to be copied directly into the application settings, SSO will work properly for this application. This makes it so that developers never have to mess around with keytool/openssl. They can just attempt a request with a dummy string, then use the error string returned by our endpoint.
Summary: The sample app includes SSO, feed and apprequests dialogs, get friends via graph or fql, post on friend's wall, get nearby places and check-in to a place, upload photo from local media gallery or remote server and Graph API Explorer Test Plan: The sample app can be downloaded from: https://developers.facebook.com/attachment/Hackbook.zip. Try it out and lmk if code can be optimized or other changes. Reviewers: lshepard, mattwkelly, dkim, dlim, caabernathy, omids Reviewed By: dkim CC: platform-diffs@lists, nbushak, vksgupta, ccwu, erling, dlim, dkim Differential Revision: 325685
Summary: For the oauth, feed, request dialogs, removed the title bar and added the 'x' button on the top left corner which when pressed dismisses the dialog. Test Plan: Launched Hackbook and click on Login or requests, feed dialogs and confirm that there is no title bar and the cross button is rightly displayed and dismisses the dialog. Reviewers: lshepard, yariv, jimbru, dkim, ttung, omids, raghuc1 Reviewed By: ttung CC: caabernathy, brent, vksgupta, mattwkelly, lshepard, ttung Differential Revision: 333017 Task ID: 700698
This fixes dialog sizing on devices with small screens. In particular, the bottom buttons will now be visible and no longer hang off the screen.
This change allows developers to attach an arbitrary object to an asynchronous Facebook request that will be returned in the request's callback, which should make it easier to distinguish the returns from concurrent requests.
Updated the dialog() method to always include app_id. This will prevent an error if a dialog is requested and the application doesn't have an access token.
This is useful for testing single sign-on in the emulator. To install, run: adb install Facebook.apk
Summary: This change adds support for "single sign-on" to the Android SDK as announced here: http://developers.facebook.com/blog/post/423 This change is mostly transparent and should require only a few updates to your code. You'll need to modify your code as follows: * Move your applicationId from the authorize method to the constructor for the Facebook class * Insert a call to the authorizeCallback() method at the top of your Activity's onActivityResult() function. * Register your Android key hash in the Facebook developer application. Note that stream dialogs do not yet work with single sign on, but we will add support soon. For more details, check the README file. If you have issues or bugs, please report them to: https://github.com/facebook/facebook-android-sdk/issues [ Note: this is a squashed commit with contributions from Yariv Sadan, Jim Brusstar, Arun Vijayvergiya, Brent Goldman, and Luke Shepard]
test plan Run Android SDK example, at the same time check the android log. make sure when calling authorize, UIServer stream publish dialog, api call, the log show the url and make sure it contain sdk=android parameter.