README.md in omniauth-facebook-8.0.0 vs README.md in omniauth-facebook-9.0.0
- old
+ new
@@ -42,11 +42,11 @@
`display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and `touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/
`image_size` | `square` | Set the size for the returned image url in the auth hash. Valid options include `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Additionally, you can request a picture of a specific size by setting this option to a hash with `:width` and `:height` as keys. This will return an available profile picture closest to the requested size and requested aspect ratio. If only `:width` or `:height` is specified, we will return a picture whose width or height is closest to the requested size, respectively.
`info_fields` | `name,email` | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
`locale` | | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/.
`auth_type` | | Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/facebook-login/reauthentication/. Valid values are `https` (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and `reauthenticate` (asks the user to re-authenticate unconditionally). Use 'rerequest' when you want to request premissions. Default is `nil`.
-`secure_image_url` | `false` | Set to `true` to use https for the avatar image url returned in the auth hash.
+`secure_image_url` | `true` | Set to `true` to use https for the avatar image url returned in the auth hash. SSL is mandatory as per https://developers.facebook.com/docs/facebook-login/security#surfacearea.
`callback_url` / `callback_path` | | Specify a custom callback URL used during the server-side flow. Note this must be allowed by your app configuration on Facebook (see 'Valid OAuth redirect URIs' under the 'Advanced' settings section in the configuration for your Facebook app for more details).
For example, to request `email`, `user_birthday` and `read_stream` permissions and display the authentication page in a popup window:
```ruby
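Review bot: The new `secure_image_url` row in the options table still reads "Set to `true` to use https" although the default is now `true`, so the row no longer tells a reader what they can actually change. Suggest rewording it to say https is the default and to state what setting `false` does, given the added sentence that SSL is mandatory. The unchanged `auth_type` row above also carries the typo "premissions", which is worth fixing while this table is being touched.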
@@ -56,11 +56,11 @@
end
```
### API Version
-OmniAuth Facebook uses versioned API endpoints by default (current v4.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v7.0 (assuming that exists):
+OmniAuth Facebook uses versioned API endpoints by default (current v5.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v7.0 (assuming that exists):
```ruby
use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
client_options: {
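Review bot: The "(current v5.0)" wording in the API Version paragraph moves the default Graph API version for every app that does not set `client_options`, but the paragraph does not flag this as something to check on upgrade. Suggest adding a sentence telling users who rely on v4.0 behaviour to pin the version in `site` and `authorize_url` explicitly, as the paragraph already describes.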
@@ -85,11 +85,11 @@
info: {
email: 'joe@bloggs.com',
name: 'Joe Bloggs',
first_name: 'Joe',
last_name: 'Bloggs',
- image: 'http://graph.facebook.com/1234567/picture?type=square',
+ image: 'http://graph.facebook.com/1234567/picture?type=square&access_token=...',
verified: true
},
credentials: {
token: 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
expires_at: 1321747205, # when the access token expires (it always will)
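Review bot: The example `image` value on the added line keeps the `http://` scheme while now carrying `access_token=...` in the query string, which contradicts the new `secure_image_url` default of `true` and shows a token travelling in a plaintext URL. Suggest changing the example to `https://graph.facebook.com/...`, and adding a short note that the image URL now embeds an access token, so it needs the same care as `credentials.token` when the auth hash is logged or the URL is embedded in pages served to other users.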
@@ -150,10 +150,10 @@
If you use the server-side flow, Facebook will give you back a longer lived access token (~ 60 days).
## Supported Rubies
-- Ruby MRI (2.3, 2.4, 2.5, 2.6)
+- Ruby MRI (2.5, 2.6, 2.7, 3.0)
## License
Copyright (c) 2012 by Mark Dodwell
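Review bot: The Supported Rubies list drops 2.3 and 2.4 with no accompanying note in the README. Suggest stating the new minimum (2.5) in an upgrade or changelog entry so users on older rubies know to stay on 8.0.0.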