I've got an existing app with a few thousand users. I'd like to add extra functionality which necessitates requesting new permissions.
Will requesting the new permissions (essentially making a new review request) move my app into unpublished status? Or will it continue to function with the existing granted permissions while login review takes place for the new?
Might be a stupid question - but didn't see any documentation on it and want to ensure I'm not cutting off service for the 4-5 days that it takes them to review/approve/possibly deny.
Will requesting the new permissions (essentially making a new review request) move my app into unpublished status?
No. Review has nothing to do with the app’s status of being in development or live.
Or will it continue to function with the existing granted permissions while login review takes place for the new?
Yes, all permissions your app had already been granted previously will continue to work. Even if your newly submitted permissions would not be approved for some reason, the already approved ones stay approved.
(That is, of course, unless they find out now, that you app uses them for something that is not compliant with Platform Policy.)
Related
As all of you know, Facebook has reset and close a lot of permissions on Graph API since Cambridge Analytica.
Recently Facebook has re-opened their API access with app review process. For the review process, we would like to submit "user_events" permission.
But the problem is to demonstrate how we are using this permission with Screencast because we currently cannot get access to "user_events" even with test users.
So how should we record screencast for "user_events" permission to submit app review?
This seems to have changed since the questions was asked.
Current status:
This edge is only available to a limited number of approved apps. Unapproved apps querying this edge will receive an empty data set in response. You cannot request access to this edge at this time.
developers.facebook.com/docs/graph-api/reference/user/events/
Is there a way for me to test permissions that are not yet granted to my app by Facebook like the "user_status" permission? I need to test "user_status" for a future app that is not yet in develop since I need to prove that what the client wants is possible.
As long as you are testing with an app admin/tester/developer, everything should work, even if the app didn't pass the facebook Review yet.
See
https://developers.facebook.com/docs/apps/review/login#do-you-need-review
However, in order to help you craft your Facebook Login experience, your app's developers will be able to see, and grant, any permission without requiring review by Facebook.
Note: People who are listed in your app's Roles tab will have access to extended permissions without going through review (e.g. publish_actions or manage_pages). For example, if you use the Facebook Plugin for Wordpress to publish your blog posts to your Facebook Page or Profile, you do not need to submit for review so long as all your publishers are listed in your app's Roles tab.
Also, if you're the developer of an app and are the only person using it, then your app doesn't need to go through review. Since you're the developer, all app capabilities should be available. You will still need to take your app out of developer mode, but you should be able to do that without going through review.
Is it required by Facebook that if a user deletes your app from their account settings, that you must remove their account/data from your database? Or if a user deletes their Facebook account you must delete their account from your database as well...I have heard this before, but can't find anything in Facebook's documentation that explicitly states this.
Quoting from Facebook's Platform Policies
You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide an easily accessible mechanism for users to make such a request. We may require you to delete data you receive from the Facebook API if you violate our terms.
Also, from Facebook's Help about App Basics
Does deleting an app from my timeline mean that the developers no longer have access to my information? No. Deleting an app from your timeline simply means that it will no longer have access to any new information that you share. If you would like a developer to permanently delete all of your information, you will need to contact the developer directly.
So deriving from above two information we can say that it is up to you to either delete or not delete the User's data if the User has unauthorized or deleted your app but you should delete it when asked to delete the data by the User explicitly.
Also, there is no policy over the deletion of User's data on deactivation of the account and it is up to you to either delete it or not, but I would suggest in keeping as Facebook itself preserves all the User's data so that he may have his data intact when he reactivates.
I am just getting into adding Facebook opengraph into my app. I want to get certain graph attributes from the user, but it needs to be done continuously, even when the person is not on the site. Basically the app requires a background process that fetches content from the user's Facebook activity feed.
So my first step was to store the user's access token in a table and regularly run a cron task. However I discovered that Facebook is moving towards deprecating offline access. I know this may sound stupid to those of you who are familiar with this, but I am not sure what this means, and wanted to confirm.
My understanding is:
Beginning in May when Facebook completely switches to offline access deprecated mode, even if I store a user's access token, it will expire in 60 days.
So I could re-store the user's access token everytime she/he signs into my app
But if the user doesn't sign back into the service for more than 60 days, it's all over and the background task won't be able to crawl content from the user anymore.
Which means, for example if it was a newsletter service that sends users useful information based on the activities, if I don't ask them to sign in (they may visit my site to check out the content but the site doesn't require them to sign in to view content), the engine will stop operating after 60 days and the user will just forget about it.
Is this correct?
Check out: https://developers.facebook.com/roadmap/offline-access-removal/ It has all the answers.
But basically yes. Offline_Access is coming to an end.
We have already launched an application, but we clearly see now, that we need publish to wall permission (our approach with not requiring this from user and basing on invites doesn't work well). Can we do it? How to make sure, that users will be instantly notified about the need of accepting new permissions, rather than having our application malfunction, if they don't have them yet?
Basically, it will allow current user to perform only the permission they granted. But there is a trick to solve the malfunctioning of app as permission is changed.
Always put the permission button as first step for the application. So that if user has already given all the permission to app, it will automatically redirected to next_step mentioned. If there is all/any permission added, it will ask only for updated permission to users.
It will make your app work with new as well as old users.