Lets say I have a website where I allow users to perform actions (communicate, post photos, etc) on their friends on my site (they are friends on Facebook). This is private information between User A and User B.
Before the new Open Graph [beta] I would encode as much information as needed in the original POST
request. But now Facebook has moved to a more "callback" scheme where I do a simple POST
and provide a URL which FB then hits via GET
and I provide series of og:
tags to describe the core content - all of this is the information that I would have PREVIOUSLY provided in the first and only POST
request.
Here in lies the problem though: I have to provide a completely un-authenticated URL for FB to hit (the GET
) and it has to be the same URL the app will use in the Timeline, so I cannot make a special, secure by obscurity URL as the callback, but provide a "friendly" URL (which would require authentication) to be used as the click through URL in the timeline.
Am I understanding this correctly?
EDIT: this would also be a different issue if FB when doing the callback GET
would provide some kind of authentication data in the URL or HTTP headers, but after examining the complete HTTP details in the GET
requ开发者_JS百科est FB is giving us nothing other than a special User-Agent
that we can use to differentiate the request.
UPDATE: I believe this question is driving at the same issue. IF we can provide a different og:url
on our gibberish "callback" page then it would make things a lot easier.
Can You Have Your OpenGraph Object Link to a Different URL?
Are you sure open graph is the best solution for your application?
By definition the actions go into a user's timeline so if you simply want to share a generic action "i.e. Ted answered Cody's question" but not link to that answer as it is private, why not build a static page with the generic information in og: tags and place your link back to that. This way you can share the activity without exposing the details.
In our application many postings occur in in-accessible pages so we've altered public pages to dynamically expose the right og: data when Facebook goes looking. It's not perfect as users can see it but this way we can show nothing for a private entry and everything on a public one.
精彩评论