Recently facebook opted for a Single Sign On process that make things a touch easier for users by not forcing them to login to their account if they are already logged in from some other facebook application on the phone. Unfortunately, this also makes things a touch harder for developers.
Firstly, the default facebook authentication process now causes the user to exit the app (to the background actually) to either a safari web browser page or to the facebook application for iphone (if installed) so that he can authorize the application for doing sundry things on his profile. Then once the user has done so, the facebook app or Safari exits and gives control back to your app (brought in from the cold from the background) to carry on. This IMO is a bit clunky and jarring for the user. Why can’t developer use the good old in-app sign in process wherein facebook connect used to pop up with a simple sign-in form? Facebook claims the new way is a better user experience and more secure to which I say “pfft!”
Secondly, this works only with a multi-tasking environment (ios 4) and while there’s only a tiny percentage of users who haven’t upgraded to the latest ios version you may need to account for them if your app targets legacy devices.
Thirdly, this requires developers to fiddle about with URL Types and handling a callback that facebook will jump to once the authentication process is completed via the browser/facebook app. Why bother when developers can still leverage the in-app pop up form from facebook connect and avoid all the above hassles? Yes I know this is not officially supported but by changing a single line in the source you can access this hidden gem once again!
The offending line is in facebook.m:
- (void)authorize:(NSArray *)permissions delegate:(id<FBSessionDelegate>)delegate { [_permissions release]; _permissions = [permissions retain]; _sessionDelegate = delegate; [self authorizeWithFBAppAuth:YES safariAuth:YES]; //*** OFFENDING LINE *** }
See that line I have marked with the “OFFENDING LINE” comment? Well change it to:
[self authorizeWithFBAppAuth:NO safariAuth:NO];
and you’ll never have to exit the app to authorize the application by the user! Magic eh?
Disclaimer: I didn’t “discover” this trick. I’m merely the messenger. 😉