It is removing support for some older authentication methods

Oct 5, 2011 12:10 GMT

Facebook is moving to add full HTTPS support for its site, and this means third-party app makers have to fall in line as well. The deadline for adding a secure URL option as well as OAuth 2.0 support for Facebook apps was October 1st.

With that deadline passed, Facebook is now moving to clean up and enforce the new rule by making life harder for apps that don't comply.

"As we announced in May, all apps must support OAuth 2.0 for authentication and HTTPS (Canvas and Page Tab apps only) by October 1st," Facebook's Jerry Cain writes.

"Now that this date has passed, we are moving forward with a plan to remove all non-OAuth endpoints and limit the distribution of Canvas and Page Tab apps that have not provided a Secure URL," he adds.

As such, Facebook is automatically enabling two migration options for all Canvas and Page Tab apps.

"Starting today, we are auto-enabling two migrations in the Dev App: signed_request for Canvas and Encrypted Access Token," Facebook explained.

Facebook is not outright removing or banning apps that haven't set up a secure URL just yet.

However, it is limiting their distribution. One way of doing this is with an interstitial dialog that warns users that the app does not support secure browsing when they try to launch it.

Facebook may implement other measures in the future until everyone updates their apps.

The site is also moving forward with support for OAuth 2.0 by making it mandatory for all apps. The first step is to prevent apps from using either the old JavaScript Library or the old iPhone SDK to authenticate users.

The decision on whether the same will be done for the old PHP SDK or the current JavaScript SDK has not been made.

Facebook is gradually coercing developers to start using the more secure options, but it has not opted for a full-on assault on out-of-date apps just yet.