0

SimCity BuildIt, HayDay, and Paradise Bay (near as I can tell) are all doing FB login via server based authentication. (FB API versions 2.2, 2.2, and 2.6 respectively)

They all use "response_type=token,signed_request" and they all use some variant of "redirect_uri=fbXXXXXXXXXXXXXXX://authorize" where the XXX's are the FB App ID. This is very confusing because I have no idea how to actually get the token if the redirect is going back to Facebook.

It would make sense if there were an "authorize callback URI" but FB only provides a "de-authorize callback URI".

I'm not looking to use a different token type, or a different redirect strategy. This is for a mobile game and I imagine there's a good reason why all the major games do auth this way. I also can't use the Facebook SDK due to the extra amount it adds to the over-the-air binary size; Apple still limits OTA to 100MB.

Wisteso
  • 348
  • 3
  • 14
  • How much is the huge bloat? – WizKid Oct 16 '16 at 04:22
  • 50 MB to our over-the-air size. Our current size is just barely over 100 MB so that would be a 50% increase just for something that can be done using a web approach for no binary size cost. I've mostly figured it out though. Will post back when I have the full answer. – Wisteso Oct 16 '16 at 06:10
  • No it doesn't. Measure the Binary and not the SDK that you download – WizKid Oct 16 '16 at 06:22
  • It does not add 30 MB in release mode – WizKid Oct 16 '16 at 20:33
  • (Wouldn't let me edit last comment, sorry for deleting) Before adding FB SDK the Universal binary was 74 MB. After it was 136 MB. Though the project was also upgraded to Unity 5.4 (from 5.3) during the same time. I'll have to look into it. Do you know what amount it would add? Because using the web auth basically adds nothing to the binary size. – Wisteso Oct 16 '16 at 20:48
  • If you upgrade Unity that could be the reason. Also did you do a release build? I would expect that it adds less then 1 MB. – WizKid Oct 16 '16 at 23:39

1 Answers1

0

Figured this out finally. So the fbXXXXXXXXXXXXXXX://authorize redirect is meant to be used in combination with an iOS URL Scheme where you register the scheme using your APP ID prepended with "fb". Then Facebook will append a bit of data to the end of the redirect URL. So your final result looks something like fbXXXXXXXXXXXXXXX://authorize/#signed_request=<user_token>&expires_in=1234567 where the <user_token> is a long SHA256 encoded value (using your app secret).

This means that URL should end up getting passed as arguments to your app where you can decode and unpack the args as needed and then use the token for your subsequent requests such as https://graph.facebook.com/v2.8/me/friends?access_token=<user_token>. Since we are using Unity 5 this meant adding a small bit of code in a custom UnityAppController subclass.

Although it's somewhat outside of the scope of this question, to maybe save other Unity devs some headache, the code for the UnityAppController subclass would need to be something like...

#import "UnityAppController.h"

@interface MyAppController: UnityAppController {}
@end

@implementation MyAppController
- (BOOL)application:(UIApplication*)application openURL:(NSURL*)url sourceApplication:(NSString*)sourceApplication annotation:(id)annotation
{
    const char *URLString = [[url absoluteString] UTF8String];
    UnitySendMessage("_MyUnityObject", "MyMethod", URLString);
    return [super application:application openURL:url sourceApplication:sourceApplication annotation:annotation];
}
@end

IMPL_APP_CONTROLLER_SUBCLASS(MyAppController)
Community
  • 1
  • 1
Wisteso
  • 348
  • 3
  • 14