By default, user_friends is granted and approved for any new FB app.
I believe this let new users not interested as of privacy risk.
how to disable user_friends permission from my app?
Regards
Use API v2.0. In API v2.0 there is no default permissions so you need to ask exactly for the permissions you want.
In API v1.0 it is not possible to not ask for user_friends.
Related
To use my website, it is essential user need to give pages_show_list permission.
Seems after Facebook login, in development mode Facebook do not ask about granting permission, why?
The only way I worked it out is with Facebook Graph Explorer. It will force to show permission popup, and set permission.
But what about real time users? What if accidentally they do not grant permission, is it a way - not with Graph Explorer - from Facebook to give permission later?
https://developers.facebook.com/docs/reference/javascript/FB.login/
Play around witz the auth_type for that. You can also check for authorized permissions with the /me/permissions endpoint: https://developers.facebook.com/docs/graph-api/reference/user/permissions/
User_friends is a default permission.
I have tried to remove for the application but the only thing that I realize is that I remove just for one user for me using:
delete user-id/permissions/user_friends.
I would like that my app to never ask this permission for all the users.
So please tell me how to proceed:
what to use at Access Token
what is the query
In API V2.0 and higher there are no default permissions other than basic_info.
Although user_friends is approved by default, unless you're including it in your app's login code, user_friends won't be part of the permissions new users are prompted to accept
I'm quite confused about Facebook's new publish_pages permission.
My Facebook app allows our CMS users to post to their Facebook pages via our CMS, posing as the page.
We have been granted (via the login review process) the manage_pages and publish_actions permissions.
The API change log states this:
publish_pages Permission - This new permission is required to publish as a Page. Previously publish_actions was required. People who granted manage_pages and publish_actions before v2.3 have automatically been granted publish_pages. If anyone logs in via v2.3, you'll need to request publish_pages explicitly in addition to manage_pages.
We have not been granted the publish_pages permission automatically.
The blog post here states:
For Page developers, we've added the ability to deliver more content on a Page via real-time updates (RTUs). A new Login permission, publish_pages , is now required for apps to publish on behalf of Pages; previously, this required publish_actions.
So it sounds to me like if we upgrade to use API 2.3, our service will no longer work, because we haven't been granted publish_pages.
The documentation states this:
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
We do want to post in the voice of the page, as we do currently.
Therefore I opened a new login review request and summarised all of the above, quoting their changelog. Facebook's response was this:
You don't need the publish_pages permission because you already have the publish_actions and manage_pages permissions granted. Publish_pages is a new feature that allows an app to publish to a managed Facebook fan page, but your previously granted permissions contain this functionality already.
Is it just me, or does that response conflict with everything else they've written?
So my question is simply, do we need this new permission going forward or not, and have they wrongly not automatically granted it to us?
Well apparently Facebook's supports response is in some manner wrong.
If you want to post on Page on behalf of the user manage_pages and publish_actions publish permissions are passable for post action.
If you want to post on behalf of the page you also need publish_pages permission, without this all v2.3 api calls will return OAuth Error. There might be other privileges for managing your pages under this permission i don't know
If a user is to authorize an app to read their own posts, what Facebook permission does that app need? read_stream ?
According to Facebook docs, read_stream is not granted to normal apps, and only to Facebook-branded apps on platforms where Facebook is not available (tldr; no one will ever get this permission any more).
What is the alternative for normal Facebook apps? can we not read a user's wall anymore through apps? (I remember this was possible before)
To get a users posts you can use user_status permission that is explained at https://developers.facebook.com/docs/facebook-login/permissions/v2.2#reference-user_status
Getting some conflicting information from Facebook currently on whether or not the read_stream permission is actually deprecated for non-Facebook branded apps moving forward. I know recently the change was made to require app-specific access tokens for read-stream permissions.
In the Facebook graph explorer it looks as though my existing application which was already granted an app-specific access token for the read_stream persmission is still providing access to the [user-id]/posts endpoint, although I also noticed that searching for this endpoint in the reference takes you now to [user-id]/feed, which also requires the read_stream permission.
When searching the read_stream permission in the reference however, it now reads:
This permission is granted to apps building a Facebook-branded client on platforms where Facebook is not already available. For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop and TV apps will not be granted this permission.
Blockquote
Wondering if anyone from Facebook or outside can actually confirm that this endpoint is now closed to 3rd-party apps, and if there is any explanation whatsoever for why?
Now someone can use "user_posts" permission - This new permission allows an app to access the posts on a person's Timeline. This includes the someone's own posts, posts they are tagged in and posts other people make on their Timeline.
This is a useful alternative to News Feeds.
Previously, this content was accessible with the read_stream permission. The user_posts permission is automatically granted to anyone who previously had read_stream permission.
Facebook Platform Changelog