I just finished a writeup on the necessary JS changes to support Facebook’s OAuth 2.0 upgrade, and then Hilary did a followup post on the server-side.

The upgrade enabled right now, but it gets forced out on October 1st. These two posts should give you all you need to know to get your site ready for Facebook’s upgrade:

Part 1: JavaScript - JavaScript changes for Facebook’s OAuth 2.0 upgrade

Part 2: PHP / Backend – Server Side changes for Facebook’s OAuth 2.0 upgrade

Also worth noting, there’s a lot of good information on Facebook’s Developer Blog.

I’ve seen a lot of confusion about this lately, so I thought I’d make a quick writeup to explain how facebook does it. (I’ll also give a quick tip on how you can do it yourself.)

What Facebook Does

Facebook is in a unique position compared to many developers looking to set cross domain cookies: The user visits both facebook.com and the other website. (more…)