What started out as a simple plan to support the improved desktop authorization for Facebook Connect - Authorization and Authentication for Desktop Applications - has turned out to be a significant overhaul of just about everything.

The old login process looked something like this:

• try to authenticate using existing session or send a request to obtain an auth token
• handle response for auth token
• generate URL to display login window if a valid auth token was received
• display login window
• wait for user to do something (i.e. login then close the login window)
• when the login window is closed send a request for an auth session
• handle response for auth session, if it's good it's safe to assume the user login was successful, store session info, etc... - otherwise clean up and get ready to do it all again
• notify application that a user logged in

The new login process is much much simpler:

• try to authenticate using existing session or display login window
• wait for user to login if necessary
• save login session immediately when Webkit loads the result and notify application that a user logged in

We now get the login authentication and session information directly from Webkit once a user has logged in. No more blindly firing off requests after the user does something (closed the login window). Additionally, applications can now offer users the option to extend multiple permissions as part of the login process. No more trying to catch URLs, checking existing app status, and directing the user to a new page. Saving and restoring sessions is now automatically part of the login process.

What we ultimately end up with is far less crap. Parts of the MKFacebook class have been either deleted completely or moved to MKFacebookRequest, where they really belonged in the first place. Methods and classes previously marked as deprecated have been removed.

There have been a lot of changes so please read the updated documentation - 0.9.0 Documentation. An updated getting started guide will be available soon as well as a detailed documentation for transitioning between 0.8.x and 0.9.0.

Here are some cool new things for 0.9.0:

• support for Facebook Connect authentication
• simplified login process
• ability to automatically extend multiple permissions after login
• improved documentation
• improved session handling

Known issues:

• cannot extend permissions using session loaded from disk
• documentation doesn't render correctly in Camino

Things to do:

• JSON support using json-framework
• defined protocols and documentation for subclassing MKFacebookRequest
• add ability to provide unique login successful html redirect