Facebook says starting today, Oct 1st, we need to drop the session_key and sig params and add the access_token.
I made the changes to XFacebookPlatform.as as Facebook suggested:
var challengeResponse:String = "access_token=" + fb_access_token;
challengeResponse += "&api_key=" + responseMap.api_key;
challengeResponse += "&call_id=" + responseMap.call_id;
challengeResponse += "&method=" + responseMap.method;
challengeResponse += "&nonce=" + responseMap.nonce;
//challengeResponse += "&session_key=" + responseMap.session_key;
//challengeResponse += "&sig=" + responseMap.sig;
challengeResponse += "&v=" + responseMap.v;
However I keep getting not-authorized failures no matter what I try. My access_token comes from the actionscript-facebook-api - it appears to be correct.
Does anyone have a working example?