What's Up?
Earlier this week we launched several updates to our Facebook application and updated the way people can link their accounts with Facebook through the site. Among these updates we switched the way user authentication is done from the older and no longer supported “Facebook Connect” to the newer universal standard of “OAuth 2.0″.
What's Different?
There are two changes that employees will notice in their daily use of the site or Facebook Application. First, we are now requesting two levels of access to users profiles. You may be prompted to approve this the next time you login to SubItUp using Facebook and we encourage you to accept. The types of access we are requesting are the ability to post to your wall and the ability to access your information when you are not logged into Facebook. The later may seem dubious, but we ensure you that the only things we have access to are public profile information. The ability to post to your wall is something you’ve already approved, but will need to be approved again based on the updates.
The ability to post to your wall when you are not logged in will be beneficial moving forward. Further integration with Facebook will be done so that you can always fully opt in or out through your SubItUp account settings. We’re working on creating available shift updates through Facebook. So when any shift becomes available you’ll be notified on your Facebook wall.
The second noticeable change is simply a streamlining of three actions: Initially linking your account with Facebook, using the one click “Login with Facebook” button, and the logout button. These should work a little more smoothly, quickly, and work better for all of the browsers.
Why the Change?
We felt it was important to switch from “Facebook Connect” for two reasons. To understand, you’ll need to listen to me gripe about Facebook… Facebook has gone through more than a handful of different types of connections and different ways to allow developers to integrate to, and connect with, their platform. Frustratingly, they have failed to stick with any one thing for an extended period of time and have failed to document and support many of the short-lived standards. Different types of connections allowed developers to do different things at different times, some of which are completely unsupported now. This resulted in many developers cobbling together different types of connections to the same account to work around Facebook’s limitations. The unexpected nature of many of these changes has left people hesitant to become too reliant on Facebook and more specifically reliant one single way to integrate.
It seems like times are changing at Facebook however, they seem to have settled on some long-term standards and are ending support for the older types of connections. In the long-term this is a great thing, short term this is both a blessing and a curse.
Monday we received an e-mail from Facebook giving us 48 hours to update our existing platform to work around a vulnerability they have uncovered in their older platforms, to the newer OAuth 2.0. Ultimately we decided to do a complete overhaul of the user authentication using OAuth 2.0 because that is the best long term solution and would give our users the most reliable security moving forward.
If you haven’t already you can link your SubItUp account with Facebook on the employee homepage and you can access our Facebook app by searching for SubItUp in Facebook, or click: SubItUp’s Facebook App. Our efforts with Facebook are just one of the ways we are making scheduling more social.
Image credit http://www.flickr.com/photos/birgerking/