The facebook development releated knowledge, Graph API, Authenitication, and FQL.

1. ApiFacebook development by Wang Tao at Ethos / 2011-2-17

2. About me @anytao in twitter A .net geek in China

3. Facebook & its API overview graph Api FQL authentication current solution Other Social Network: Twitter, t.sina

4. Overview Plugin FBML FB App SDK Testing

5. Restful API

6. Restful Api https://api.facebook.com/method/[name] users.hasAppPermission users.isAppUser users.getLoggedInUser Benefit Easy SOA Resource Only Http Stateless Light Weight Simple Readable Json and XML deprecated https://api.facebook.com/method/users.getInfo?uids=555020699&fields=name&access_token=…

7. Graph API Simple, Consistent, and Connected

8. Objects

9. Object user page message status message photo video http://graph.facebook.com/anytao http://graph.facebook.com/platform https://graph.facebook.com/{ID}

10. Simple https://graph.facebook.com/{ID} Me https://graph.facebook.com/me/friends

11. Data object as URL! Consistent All objects in Facebook can be accessed in the same way: Users: https://graph.facebook.com/btaylor (Bret Taylor) Pages: https://graph.facebook.com/cocacola (Coca-Cola page) Events: https://graph.facebook.com/251906384206 (Facebook Developer Garage Austin) Groups: https://graph.facebook.com/195466193802264 (Facebook Developers group) Applications: https://graph.facebook.com/2439131959 (the Graffiti app) Status messages: https://graph.facebook.com/367501354973 (A status message from Bret) Photos: https://graph.facebook.com/98423808305 (A photo from the Coca-Cola page) Photo albums: https://graph.facebook.com/99394368305 (Coca-Cola's wall photos) Profile pictures: http://graph.facebook.com/anytao/picture (your profile picture) Videos: https://graph.facebook.com/614004947048 (A Facebook tech talk on Tornado) Notes: https://graph.facebook.com/122788341354 (Note announcing Facebook for iPhone 3.0) Checkins: https://graph.facebook.com/414866888308 (Check-in at a pizzeria)

13. feed

14. posts

15. friends

16. picture

17. photos

18. …Objects + connections http://graph.facebook.com/anytao/picture http://graph.facebook.com/me/friends

19. Json return { "data": [ { "id": "555020699_160639637289676", "message": "I agree with Reg, this makes me really proud to live in Toronto...", "picture": "http://external.ak.fbcdn.net/safe_image.php?d=ace00444e7daf6cb40d8605fae85c257&w=130&h=130&url=http%3A%2F%2Fi.ytimg.com%2Fvi%2F-KGLgDQAo5U%2F0.jpg", "link": "http://www.youtube.com/watch?v=-KGLgDQAo5U&feature=youtube_gdata_player", "source": "http://www.youtube.com/v/-KGLgDQAo5U&autoplay=1", "name": "Hoedown Throwdown", "caption": "www.youtube.com", "description": "I got off the subway at Bloor and Yonge last night, and this is what I saw; some buskers with a fiddle and a banjo were playing, and these four other guys just started to pop it and lock it, apparently just for the hell of it. It cheered me right up.", "icon": "http://static.ak.fbcdn.net/rsrc.php/zj/r/v2OnaTyTQZE.gif", "actions": [ { "name": "Comment", "link": "http://www.facebook.com/555020699/posts/160639637289676" }, { "name": "Like", "link": "http://www.facebook.com/555020699/posts/160639637289676" } ],

20. Demo Every object in the social graph has a unique ID. You can access the properties of an object by requesting. https://graph.facebook.com/{ID} http://graph.facebook.com/anytao http://graph.facebook.com/anytao https://graph.facebook.com/anytao/friends?access_token=2227470867|2.0x1QCxus6HCsWaaMArPglg__.3600.1297929600-738694610|aZXed9W0Ank-2mhI73UnwIX3gYI https://graph.facebook.com/anytao/friends?access_token=2227470867|2.0x1QCxus6HCsWaaMArPglg__.3600.1297929600-738694610|aZXed9W0Ank-2mhI73UnwIX3gYI

21. FQL

22. Key advantages Common syntax for all methods Condense Facebook queries Reduce response size

23. FQL is an SQL-like syntax SELECT name FROM user WHERE uid = 4 Has AND, OR and NOT keywords Use basic boolean operators SELECT uid2 FROM friend WHERE uid = 4 AND uid2 > (4 + 1000) Enhance queries with basic functions now() strlen()

24. FQL is an SQL-like syntax substr() strpos() Example, SELECT location FROM event WHRERE eid=1234567 AND strpos(name, “facebook”) AND start_time > 10000000

25. FQL: Advanced Query SELECT eid FROM event WHERE eid IN ( SELECT eid FROM event_member WHERE uid = 4 ) AND location = “beijing”

26. FQL, not SQL No JOIN No ORDER BY No GROUP BY No LIMIT Only one table in FROM Not allowed: SELECT * FROM user, photo WHERE uid = 4

27. FQL, not SQL display most recently updated events in Bejing SQL: SELECT * FROM event WHERE location = “bejing” AND user = 4 ORDER BY update_time ASC FQL: SELCT update_time, eid, name, location FROM event WHERE eid IN (SLECT eid FROM event_member WHERE uid = 4) AND location = “beijing”

28. Demo https://api.facebook.com/method/fql.query?access_token=2227470867|2.9stmGn8B630JCOkK7xICMw__.3600.1297922400-738694610|gdYJgGegkPa71WVFv-HD2XMxi0M&format=json&query=select%20name%20from%20user%20where%20uid=621627426 https://api.facebook.com/method/fql.query?access_token=2227470867|2.gouA9cuplsTSEpAOnMBlhA__.3600.1298304000-738694610|allgk00e3d6e6S33DzFi8-kteQ0&format=json&query=select%20name,%20location%20from%20event%20where%20eid%20in%20(select%20eid%20from%20event_member%20where%20uid%20=%20738694610) select name, location from event where eid in (select eid from event_member where uid = 738694610)

29. Authentication

30. Facebook Authentication oauth 2.0 http://graph.facebook.com/anytao http://graph.facebook.com/anytao/picture <public data> http://graph.facebook.com/anytao/home?access_token= http://graph.facebook.com/anytao/feed?access_token= access_token <privatec data>

31. What is OAuth?

32. Actors on Facebook oAuth Jacky - User Explorer - Consumer Facebook - Service Provider 1 2 3 Example

33. Retrieve a request token 1 2 3 Request user authorization Exchange request token for an access token Example

34. Facebook Authentication / Server side flow Explorer try to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID&redirect_uri=YOUR_URL

35. Facebook Authentication / Server side flow Explorer try to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream

36. Facebook Authentication / Server side flow Explorer try to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) Cookie not found, show OAuthDialog(facebook layout)

37. Facebook Authentication / Server side flow Explorer try to access FB OAuth Dialog (App Authorization) OAuth Dialog (User Authentication) Goes to App Authorization directly…

38. Facebook Authentication / Server side flow Explorer try to access FB OAuth Dialog (App Authorization) Http 302 (redirect_urlparam) OAuth Dialog (User Authentication) Don’t allow! http://YOUR_URL?error_reason=user_denied& error=access_denied&error_description=The+user+denied+your+request.

39. Facebook Authentication / Server side flow Explorer try to access FB OAuth Dialog (App Authorization) Http 302 (redirect_urlparam) OAuth Dialog (User Authentication) Allow! Redirect with Authorization Code param http://YOUR_URL?code=A_CODE_GENERATED_BY_SERVER

40. Facebook Authentication / Server side flow http://mydomain.com OAuth (App authorization) Request: https://graph.facebook.com/oauth/access_token https://graph.facebook.com/oauth/access_token? client_id=YOUR_APP_ID&redirect_uri=YOUR_URL& client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

41. Facebook Authentication / Server side flow http://mydomain.com Http 400 Failed! { "error": { "type": "OAuthException", "message": "Error validating verification code." } }

42. Facebook Authentication / Server side flow http://mydomain.com HTTP 302 (redirect_url) Successful authenticated! access_tokenin the body of the request

43. Facebook Authentication / Client side flow Http request HTTP 302 (redirect_url) Pass URI fragment with access_token

44. current and future

45. Current: Data crawler Get public data at first Get friends’ public data Build popular application to link Facebook user

46. Future: Data crawler provider in Cloud Design as provider Deploy and administration in Azure Get grant and permission automatically or other way

47. Other Social Twitter t.Sina Linkedin

48. Thanks :- ), @anytao

49. http://www.facebook.com/ http://anytao.net/blog Reference