Facebook App Alerts: Permissions - read and write for apps without FB login - facebook

Facebook sent an attention alert about the permissions the app is requesting:
Permissions
Your app asks for read and write permissions at the same time. You should only ask for write permissions when a user tries to share something to Facebook. Please update your app accordingly. Read our best practices for more details.
In fact, during authentication the app requests these permissions:
read_friendlists, publish_stream, offline_access, email
But the app is not using FB login, so according to the second point of the "Publishing permissions" section, we can ask for both read and write permissions:
https://developers.facebook.com/docs/facebook-login/permissions/#publishing
In this situation, can the Alert be ignored?

The "problem" with your request is the read_friendlists permission; the guidelines for the non-Facebook-login case say:
In this case, make sure that the only read permissions you request are
public profile and friend list.
Also, offline_access has been deprecated and is no longer useful.
So you should ask for read_friendlists in a separate request. The alert does not affect the functionality of the app, but it may affect other things like quota or the app store.
Hope this helps

Related

Facebook API v2.1 - Does invitable_friends API need to enter the review process?

I've been reading through the invitable_friends API documentation and it states under Permissions that "Access to the user_friends permission requires review of your app before it can be used by non-developers."
In contrast to this, the Permissions documentation states that "If your app asks for more than than public_profile, email and user_friends it will require review by Facebook before your app can be used by people other than the app's developers."
Can anyone confirm that if we are building a Canvas Facebook Game and trying to use the invitable_friends API whether we need to go through the review process or not?
As I'm not a Facebook employee, I can't "confirm" this, but the review guide at https://developers.facebook.com/docs/apps/review/login#do-you-need-review says that
You do not need to go through Login Review if your app requests these three basic permissions:
* public_profile
* user_friends
* email
So, I guess the docs at https://developers.facebook.com/docs/graph-api/reference/v2.1/user/invitable_friends#readperms are not correct.
I filed a bug report under https://developers.facebook.com/bugs/1528594254021404/. Feel free to subscribe to get an official statement from Facebook (but don't expect this too soon :-/).

new app-id - OAuthException (#200) on post comment

Since I created a new (Facebook) App last week, I get an OAuthException whenever I want to comment on a post.
"(OAuthException) (#200) You do not have sufficient to permissions to perform this action".
With the old App, my application works fine.
Now I found out that Facebook has changed the login policy recently. I also found the following remark on https://developers.facebook.com/docs/facebook-login/permissions/v2.0:
"If your app asks for more than than public_profile, email and user_friends it will require review by Facebook before your app can be used by people other than the app's developers".
So if I post with the same account with which I created the App, it should work, right? Only it doesn't...
Remark: if I use the new App with another Facebook-account, I have even less permissions (e.g. cannot access the account's pages). So I have more permissions if I use the same account, but still I cannot post!
I use Graph API via .NET Facebook-Client; my App is a native app (desktop app).
Could someone please tell me how to post with a new App? This is the main use-case of our application! Thank you very much!
Here is a screenshot of what I see instead of the login-screen when I use extended permission "publish_action" instead of "publish_stream"
You must be able to post with your own account since you are the admin of the application, since only the admins/developers/testers will be able to test the app with the publishing functionality before it gets approved by Facebook.
If you still are not able to, you must not have granted the permissions to the app. Things to check:
* You are using publish_actions and not publish_stream.
* Check in your application settings whether the publishing permission is granted for that app.
* If not granted, go through the login process again and grant the publishing permission (maybe by removing the app from settings and then authorizing again, or by logging out of the app and then logging in again with publish_actions).
Problem solved - it was a stupid typo: I wrote publish_action instead of publish_actions (should be plural)! Thanks again to CBroe who pointed it out in this thread!

How to post to my own timeline/page without requesting publish_actions and manage_pages permissions?

I have a blog website and I have a Facebook page where I would like to share updates from my blog. I also would like to share those updates to my personal profile/timeline. I made an application and requested the publish_actions and manage_pages permissions.
It got rejected with the following comment:
You do not need to request these permissions because your blog or CMS
is integrated with an app that you admin. As an App admin, you can
already access these permissions and post to your Timeline or a page
you admin. You can provide access to additional users by adding them
as developers of your App.
Yes, I am an admin on the website, app and Facebook profile/page.
But can anyone tell me what it means?
I read the documentation several times. It's pretty clear that I can post, even to my own, only with an access_token. I can get an access token if I ask for authorization.
If I request authorization with publish_actions, manage_pages, the authorization dialog comes with the red banner saying:
"The following permissions have not been approved for use and are not being shown to people using your app: publish_actions and
manage_pages. Submit them for review or learn more."
and
"This does not let the app post to Facebook."
Then any attempt to post comes with Error (#200) The user hasn’t authorized the application to perform this action. If I don't ask for permission I just get Error 200.
So how exactly can I "already access these permissions and post to my Timeline or a page I admin" as an App admin?
It seems that around mid May they sort of went back on the review process, at least partially; if your user owns the app and the page then you should be able to publish to your stream or to your page without going through the review process... I guess you just don't have to ask for the permissions that trigger the review process.
I'll be testing this in a bit and I'll get back to you with my results.
UPDATE: Yup. I've just tested it... just ask for publish_actions, manage_pages and status_update and it'll let you autopost on your own page, just ignore the warning about the review process.

How to mark a scope as required in Facebook OAuth2?

Is there a way to mark a scope such as publish_stream as required in Facebook OAuth2?
Currently a user can skip the permission and that results in a non-working app in my example.
No, you can't do that; in fact, Facebook asks you to check for the extended permissions before performing any related action.
You can check at any time which permissions a user has granted with the API: /me/permissions. Check out the Graph API Explorer.
There's no way to "require" extended permissions such as publish_stream as far as I know. Facebook has some docs about how to handle those cases where the user only gave some permissions:
https://developers.facebook.com/docs/facebook-login/permissions/#handling
Quote:
If a person declines the login dialog have a clear and upfront
explanation about why you are requesting each permission. Then let
them click or tap to opt back in to the permission request dialog. Do
not immediately redirect them into a permission request dialog without
an explanation.
For cases where someone has granted some permissions but not others,
only prompt for missing permissions at the point at which they are
needed. For example, if your app contains functionality which creates
an event on behalf of a person, only prompt for create_event
permission whenever they choose to add the event to Facebook.
Unless the permissions you are requesting in the login dialog are
critical to the functionality of your app and a feature doesn't work
without them, let people continue using your app without the
permissions.
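The check both answers describe, as an added example that is not code from the thread or from Facebook: it reads a `/me/permissions` response and reports which permissions a feature still needs at the point of use, and which of those the user previously declined. The feature names in `FEATURE_SCOPES` are hypothetical, the sample response is constructed, and the `permission`/`status` response shape of Graph API v2.x is assumed.

```javascript
// Added example: gate a feature on the result of GET /me/permissions.
// Constructed sample in the Graph API v2.x response shape (not real data).
const SAMPLE_RESPONSE = {
  data: [
    { permission: "public_profile", status: "granted" },
    { permission: "email", status: "granted" },
    { permission: "publish_actions", status: "declined" },
  ],
};

// Hypothetical feature names; the permission names are ones used on this page.
const FEATURE_SCOPES = {
  viewProfile: ["public_profile"],
  shareToTimeline: ["publish_actions"],
  addEvent: ["create_event"],
};

// Split the response into granted and declined permission names.
// A malformed body is rejected so a bad response never counts as consent.
function readPermissions(response) {
  if (!response || !Array.isArray(response.data)) {
    throw new TypeError("unexpected /me/permissions response");
  }
  const granted = new Set();
  const declined = new Set();
  for (const row of response.data) {
    if (!row || typeof row.permission !== "string") continue;
    if (row.status === "granted") granted.add(row.permission);
    else if (row.status === "declined") declined.add(row.permission);
  }
  return { granted, declined };
}

// Decide, at the point of use, whether a feature may run and what to ask for.
function checkFeature(feature, response) {
  if (!Object.prototype.hasOwnProperty.call(FEATURE_SCOPES, feature)) {
    throw new Error(`unknown feature: ${feature}`);
  }
  const { granted, declined } = readPermissions(response);
  const missing = FEATURE_SCOPES[feature].filter((p) => !granted.has(p));
  return {
    allowed: missing.length === 0,
    missing, // request only these, and only when the feature is used
    explainFirst: missing.filter((p) => declined.has(p)), // declined earlier
  };
}

console.log(checkFeature("shareToTimeline", SAMPLE_RESPONSE));
```

Permissions listed in `explainFirst` were declined before, so the app should explain why they are needed before reopening the permission dialog.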

Facebook Alerts: Too Many Login Dialog Permissions

I have got this error message from Facebook.
Your app asks for 4+ read permissions along with public profile and
friend list. Asking for too many permissions can lower conversion by
as much as 40%. To improve your conversion rate and give people a
great app experience, we recommend that you ask for fewer permissions.
Read our best practices for more details.
My app asks for these permissions:
publish_stream, publish_actions, user_groups
So I don't know whether I must ignore the publish_stream permission or not, because my app just needs to post content, nothing more.
You can safely ignore the publish_stream permission as it is already included with the publish_actions permission. Quoting from the blog post about the same issue:
publish_actions will now include basic publish_stream permissions (including posting on a user's timeline, posting photos/videos, commenting on and liking content), which will appear on the first Auth Dialog screen. With this change, apps that were previously granted publish_stream do not need to request publish_actions.