Background:
After thinking that I had managed to successfully navigate Facebook's gauntlet of privacy settings, I have fallen prey to yet one last unexpected hurdle.
My Facebook app allows users to post content to Facebook (status updates, photos, etc). It also allows users to browse and view the same content of others who are users of the same app. Even if two users (that are friends) have:
granted the necessary permissions (read_stream, user_photos, friends_photos, etc) to the app
successfully posted content with the sufficient visibility to Facebook through the app
the ability to see each other's posted content on Facebook itself
It is still possible that they can't read others' content through the app due to the "Apps others use" privacy setting which restricts what information others can see through the Facebook platform, despite that the user has specifically granted access to the app for that content (ugh).
This little quirk makes for a terrible user experience, so I would at least like to be able to detect that a user has this limitation in place an inform him/her accordingly.
My searches through the FQL tables have come up fruitless, but I'm holding out against hope... Is there a (undocumented?) way to retrieve the "Apps others use" settings for an authorized user via Facebook API method?
Does the page http://nakedsecurity.sophos.com/2013/04/03/how-to-stop-your-friends-facebook-apps-from-accessing-your-private-information/ give you some help?
For going to that, is like in the image : Go to the gear icon at the top right > Account Settings > Apps > Apps others use and then customize it.
Related
I want to scrape comments, likes and posts for a Facebook page that I'm an Analyst in (I'm not the admin, I've been given the 'Analyst' role).
I'm using the code in https://github.com/minimaxir/facebook-page-post-scraper to scrape comments.
Apparantely, you can get likes, posts and reactions but you cannot retrieve the comments of a Facebook page without a Page Access Token.
so I went ahead and looked at the popular answer in the link facebook: permanent Page Access Token?
Not sure if this used to be the case before, but if you follow the instructions in Step 1, substep 4, In the pop-up, under the "Extended Permissions" tab, check "manage_pages". For this to work, it is asking me to submit a request with many checkboxes asking me the purpose of needing this permission, and along with this, it is not letting me send a request review without having Privacy Policy URLs, App icons, User Guidelines and a VIDEO showing how this App will be used.. I literally just want to scrape comments from my own Facebook page where I'm been given an Analyst role that has lesser privileges than Administrator, and for this I was asked to create an App for it and set Native or desktop app? to No to ensure I don't get a Bad Request when I run my code.
I'd love it if you could give me any help in this direction.. I want a solution to how I could get Extended Permissions or follow the steps in the popular answer, or simply get Page Access Token without having to set Privacy Policy Guidelines, an App icon and a video showing a demonstration of something I can't understand.
I'm designing a web based game off of Facebook, and I want my users to be able to post content from my site into their Facebook pages.
For this, I require of course the "manage_pages" permission.
I've seen this on the Facebook policy page:
Desktop web games off of Facebook.com may only use Facebook Login (Authentication, excluding > user connections such as friend list), Social Plugins and publishing (e.g., Feed Dialog, > Stream Publish, or Open Graph). When authenticating, these games may not request additional > permissions other than age, email, and our Publishing Permissions.
Now, I'm not really sure if what I require is out of bounds; I'm not making any use of the user friends list or even extra information they allow (such as email), and the reason I need the access to manage pages is to post stuff on Facebook (not enjoy its information outside of it), but I can't be sure from what I'm reading here if it's black or white. Is it technically like Open Graph? (even though it's not an Open Graph permission)
Has anyone explored this before?
Thanks
I'm working on a Facebook app that requires a few basic permissions (email, birthday, etc) as well as publish_actions (so I can create stories about user interaction).
When I ask for these permissions, the end user is presented with one screen for the basic permissions and yet another for the publish_actions permission.
However, when I looked at the following app from Amazon:
http://www.amazon.co.uk/gp/socialmedia/promotions/SprngSweep
When I click on the enter button, I am redirected to Facebook to ask for permissions (as expected), however, they have all their permissions one page (Amazon would like to access your public profile, friend list, email address, birthday, photos, videos, personal description, likes and your friends' birthdays and likes. Amazon would like to post on your behalf. Amazon would like to access your data at any time.)
I can't add a picture due to lack of rep
The url that I'm redirect to is this:
https://www.facebook.com/dialog/oauth?client_id=164734381262&redirect_uri=https%3A%2F%2Fwww.amazon.co.uk%2Fgp%2Fsocialmedia%2Ffbr%2Fconnect-handler.html%2Fref%3Dfbr_hn_SprngSweep%3Fie%3DUTF8%26appName%3DAmazon%26externalApp%3DKindle%26onSuccess%3D%252Fgp%252Fsocialmedia%252Fpromotions%252FSprngSweep%253Fie%253DUTF8%2526sm-sweeps_submit%253D1%2526sm-sweeps_submit.x%253D66%2526sm-sweeps_submit.y%253D20%2526sweepsConnect%253D1%2526sweepsEligibility%253D1%26ref%3DSprngSweep%26token%3D6CBF36BD25311891B2F205333EFA3AA78E561AB9&scope=
While attempting to investigate this myself, I noticed that they aren't even passing a value for scope in the url.
How the hell are they doing this?
Most likely they are using an old API (FB changed the behavior over there recently, read their blogs please) or they are using hidden features which FB created for them (as this has an impact on there advertising revenue obviously, and even these guys are "coin operated").
The "two pager" is normal, FB API and FB advertising API quit the same. I wouldn't worry.
I am building an app that displays 'shared' content from 2 friends on Facebook.
e.g. Photos that both users are tagged in.
I would like either user to then be able to share the resulting content with their friends.
This does mean than if you weren't friends with one of the users, you potentially could still see content 'owned' by them, regardless of whatever privacy settings they have put against that content (as your friend has shared the joint content).
Is there a permission that extends content privacy?
There is no way of extending or changing the user's privacy settings on their account. While you can change the permission of content they share via your app, you cannot update the settings for content that has already been shared via your app - only the user can control that.
In addition, the user's lowest privacy setting will always be the maximum privacy setting you can use. E.g., if the user has set wall post to be "Friends", you app cannot then post things as "public". You will be able to use "Friends" or lower in your app.
From the documentation it seems that the user should always authorize the Facebook application even to access basic permissions.
However, sites like Rotten Tomatoes and Clicker.com auto-authorize the logged facebook user without showing the authorization dialog. If you visit one of those sites for the first time they will be able to access your public data without you authorizing it. If I go to the Apps on my facebook settings, an entry will appear showing that I gave access to those applications (but I DID NOT).
How can this be possible? Is it related to the "Instant Personalization" feature for selected partners?
Thanks
Well, I was doing some research and yes, it's all about Instant Personalization.
From Facebook:
We've partnered with a few websites to provide you with great,
personalized experiences the moment you arrive, such as immediately
playing the music you like or displaying friends' reviews. To tailor
your experience, these partners only access public information (like
your name and profile picture) and other information you've made
public.
From one of its partners:
Clicker.com
So -at the time I'm writing this- unless you're a partner of Facebook, you'll have to show the old OAuth dialog.
Hope it helps!