Unfortunately, their Python SDK was not so lucky. In July, they quietly announced that the Python SDK would be unsupported by Facebook in the future.1 If you are using the formerly-official Python SDK for Facebook, you need to figure out how to update your applications on your own.
get_user_from_cookie function in the Python SDK would need to be updated.
fbs_. The Facebook user ID and access_token were stored in a plain-text dict. With OAuth 2.0, Facebook is now using a cookie prefix of
fbsr_ and encrypting its cookie data. Using the source of the PHP SDK and relying on my experience authenticating with application-specific tokens, I wrote code to decrypt the information in the cookie, send it to Facebook's OAuth endpoint, and return the access_token in the same format (plain-text dict) as the previous Python SDK, so that I was not forced to rewrite the rest of my application.
Unfortunately, the code is too long to post here, but you can view it at
my fork of the Python SDK the pythonforfacebook fork of the SDK on Github. I am not certain that it is bug-free, but it seems to work fine on MP3 Gift.
This change came without any warning, after several months of silence. Facebook also deleted the bugtracker on the Python SDK's Github repository, deleting a significant amount of the conversation about the best fixes for errors found in the original code they produced. As you can imagine, this fragmented the community. There are several forks of Facebook's code on Github, but there is no longer any conversation about bugfixing or features, let alone best practices.
While one of the themes of Facebook's Developer Love initiative is "communication", this significant change was virtually hidden. There was no post on the developer blog announcing the change. The Python SDK's source has still not been updated to warn new developers that it is unsupported. I suspect that the only reason that the bug was updated was to provide sufficient rationale for closing it. ↩