Optionally remove use of appsecret_proof

[freddy-craftsy]

Is there any chance you think it would be a good idea to make the use of appsecret_proof optional? It fails for me every time I try to create a session with it. Obviously works fine if I remove it.

https://github.com/facebook/facebook-python-ads-sdk/blob/master/facebookads/session.py#L66

Thank you,
Freddy

[agriffis]

At least one API truly requires the appsecret_proof: https://developers.facebook.com/docs/marketing-api/businessmanager/systemuser/v2.3#generate-token

You're better off debugging why your code isn't working. The appsecret_proof is an important part of protecting you and your users. It's effectively 2FA for server applications, since it requires the user token (typically stored in DB) and the app secret (stored in code, or preferably config env).

[ebzlo]

Hey @freddy-craftsy
@agriffis makes a good point in this instance, you should be working to get your appsecret_proof in a working state, especially in context of an application.

With that said, we will be making the appsecret_proof optional for instances where you want to write a quick script and have the access_token handy somewhere.

[freddy-craftsy]

Totally makes sense. I haven't configured the app and don't have control
over that, so that's most likely where I need to fix something with the
appsecret proof.

But yes, this script is that exact scenario where it's something small and
one-off.

On Tue, Apr 21, 2015 at 3:18 PM, Evan Chen notifications@github.com wrote:

Hey @freddy-craftsy https://github.com/freddy-craftsy
@agriffis https://github.com/agriffis makes a good point in this
instance, you should be working to get your appsecret_proof in a working
state, especially in context of an application.

With that said, we will be making the appsecret_proof optional for
instances where you want to write a quick script and have the access_token
handy somewhere.

—
Reply to this email directly or view it on GitHub
#47 (comment)
.