Ok, thanks for clarifying! I can't find it right now, but one of the tutorial I stumbled upon stated that clipping was necessary in order for the rasterizer to remain inside its buffer. Somehow, I understood it was my responsibility to do that, not the hardware's. All the better then, I'll just remove invisible polygons and leave partially visible polygons as they are!
Building the authentication address (ie: the one that gets spit to stdout) is not hard at all; in fact it's just a composition of client_id, redirect_url and a couple more things. The problem is that you need on output out of that address, and I can't tell any browser/platform-independent reliable way of getting some random text out of another program's memory. Obviously, I won't ask the user to do a copy and paste over some 30 characters long opaque string. People could take it as if you're trying to hack their account. As swiftcoder pointed out, the suggested way is to embed a browser directly inside my app, which is just not doable.
I wish I could see that earlier... I never scrolled that page to the bottom :/ Too bad for them then, no facebook support. It's fairly stupid, as the oauth2 system provides a request_token based authentication that would work pretty nicely -- http://cms.getsatisf.../authentication and http://www.reijo.org...rvice-providers I thought they were using some alternate method or that I was wrong, instead they just disabled it... Thanks for helping, I think we will only use the iOS library they provide and leave the pc versions facebook-free.
@SiCrane: I've checked the libraries you linked and:
lib 1 prints to stdout an url to copy-paste into your browser, then asks to copy back whatever url the user is redirected to; that's exactly what I'm trying to automate
lib 2 I already had seen it; it relies on QNetworkAccessManager, which /somehow/ returns the redirected url. It's really not clear how that's possible at all because when the user logs in to facebook he might be subscribing for the first time, so you can't just ask for the 3rd redirected url for example AND the user could get distracted, close the tab, open one more, go to a porn site and then come back to the game, so you can't ask for the last url he visited. I'll check Qt source code anyways.
@Swiftcoder: I'm sorry but I still don't get it. In fact I'm the least fit person for internet-related programming, and yet they choose me.
Where do I get these cookies from? Can you give me an example please?
My understanding is that I open an url using the default browser using ShellExecute. It might start Explorer, Opera or even some home-made browser. The browser then shows the login page, and upon successful login it will receive the cookies (not my program). The best I can do is to wait for the process to terminate, but that doesn't give me a clue on where to find the browser's cookies or the redirected url.
Maybe I'm missing something obvious but... doesn't parseSignedRequest() expect a signed_request already? Its caller (line 484) is getting it from the session or from some cookie, but I don't have either of them in our game. I could get a signed_request out of apps.facebook.com/<appID>, but that too seems to rely on cookies. As soon as I try to get that same page from a ruby script for example, the base64-encoded signed_request results into a mostly empty json structure.
My understanding of the flow in oauth2 is:
client asks for an access_token
client fires up a browser asking the user to login and allow whoever is using that access token to mess around with his account
focus gets back to the game, and if the access_token has been validated it can be used for a limited time
I suppose I'm wrong, but then I don't understand how I can do a two-way communication with a browser launched via ShellExecute.