Oauth 2.0 October 1st deadline, what exactly happens with old FBML apps?

I'd like a clarification from someone at Facebook about the Oct 1st HTTPS deadline and it's impact on old FBML apps..

As per: http://developers.facebook.com/docs/oauth2-https-migration/

Facebook says: "an SSL Certificate is required for all Canvas and Page Tab apps (not in Sandbox mode and not FBML)"

Well, my app is NOT in sandbox mode and FBML.. which would mean HTTPS is not required. Am I misunderstanding this?

If I'm not, then how will this be working after Oct 1st? As, https://apps.fac开发者_如何学运维ebook.com/app-name doesn't work without a Secure URL listed.. and you'll get error messages saying Secure URL will be required by October 1st.

And to make matters even more confusing, if you do keep it as FBML, and add a valid Secure URL, you'll get the error "No Response Received". (It's not a server side / ssl issue, because changing the app to iframe works)

This is very worysome.. I'd like a straight answer with what will happen, or if they'll give us a couple days to straighten things out, etc..

Others have shown concern, but with no official answer:

Are FBML apps required to provide HTTPS canvas url by 1st of October?

Are FBML apps required to upgrade to OAUTH access token by October 1st?

I think I've finally found the answer on this page: http://developers.facebook.com/roadmap/

Under "October 1, 2011", 2. Apps on Facebook Authentication and security migration (HTTPS)

..... You must provide an SSL certificate in the Dev App settings to avoid having your app disabled.

It looks like they're saying FBML will continue to work (I can't find a date that this will end) but iframe apps without SSL will be disabled.

Just received this email from facebook, which I guess answers my question.. with meaning YES, you have to migrate to iframe+ssl? :(

Dear Developer of Fish Wrangler,

Reminder: Upgrade Your App to OAuth 2.0 and HTTPS by October 1st. In May we announced that all apps on Facebook need to support OAuth 2.0 and HTTPS to make the platform more secure.

All apps, including page tab apps, must migrate to OAuth 2.0 for authentication. The old SDKs, including the old JavaScript SDK (FeatureLoader.js) and old iOS SDK (facebook-iphone-sdk) will no longer work. In addition, non-iframe Canvas and Page Tab apps must support HTTPS and provide a secure canvas or secure page tab URL.

If you haven't already made these changes, visit the Developer Roadmap before October 1st for more information about how to upgrade your app and avoid having it disabled.

You can also seek support in the Facebook Developer Group: https://www.facebook.com/groups/fbdevelopers/

There are still a few Apps out there that are working but most of them are not because they were not using SSL. So when using a third party app to create a fan page tab, it may cease to work as well.

You can always use Versitek Tabs as an alternative if you don't have access to SSL. http://tabs.versitek.com