My goal is to have my app be able to read my users stream using the extended permission "read_stream" , however when requesting that permission the dialog doesn't show me having requesting that permission.
I have no trouble requesting the email, or publish_actions permissions, but read_stream is a no go as well as other various extended permissions. Here is an example of what I am using for the facebook login:
https://www.facebook.com/dialog/oauth?scope=publish_actions%2Cread_stream&redirect_uri=http%3A%2F%2Fwww.MYDOMAIN.com%2Fsocialregistration%2Ffacebook%2Fconnect%2F&display=popup&client_id=MYAPPID
Is there another permission I need to request when requesting read_stream ? Is there something I need to change in my facebook app settings specifically for the scope permission request? My goal is to be able to get permission for "read_stream".
Thank you for any input!
The method I describe does work! The issue was that there is a second facebook prompt for the extended permissions that occurs AFTER the initial prompt for permissions.
What is confusing is that facebook shows permissions for email and publish_actions on the first facebook dialog box instead of in a consistant manner for all the extended permissions....but that's facebook's choice!
So hopefully this helps anybody else that was confused like me!
Related
I have an app that programmatically make post on a configured Facebook Page.
My app obviously have both the manage_pages and publish_pages permissions approved and I'm using pages access token
Everything work well since now, but recently when I POST on page feed
https://graph.facebook.com/v3.1/234002440799692/feed
I get this error:
{"error": {
"message":"(#200) Requires either publish_to_groups permission and app being installed in the group, or manage_pages and publish_pages as an admin with sufficient administrative permission",
"type":"OAuthException",
"code":200,
"fbtrace_id":"HEVcI\/Tq3fW"
}}
I know that Facebook has deprecated publish_actions scope, so that it's not possible anymore to post programmatically on the personal feed, but I can't find out why the post on a page return this kind of error.
Some further infos:
posting with a developer account actually work
the user by which the page access token is obtained, created the page on Facebook (so I think it's an admin for the page)
i recently migrated from graph_api v2.12 to v.3.1
Any suggestion will be appreciated
Thanks
I figured it out what the problem with some pages is.
It seem that now, if the user grant the manage_pages and publish_pages permission, that will be valid only for already existing pages!
New pages haven't the permission granted by default.
The only way I can fix the problem was to remove my app from the user profile (Facebook Settings > Business Integrations > Select the app > Remove) and then prompt the user again with the Facebook OAuth permission dialog.
I don't know if there is a way to force the app removal programmatically, but I can't find out.
You can use the following URL:
https://graph.facebook.com/v7.0/234002440799692/feed?&access_token={access_token}
Is there a way to mark a scope such as publish_stream as required in Facebook OAuth2?
Currently a user can skip the permission and that results in a non working app in my example.
No you cant do that, in fact facebook asks to check for the extended permissions before performing any related action.
You can any time check for the permissions a user has granted with the API- /me/permissions. Check out- Graph API Explorer
There's no way to "require" extended permissions such as publish_stream as far as I know. Facebook has some docs about how to handle those cases where the user only gave some permissions:
https://developers.facebook.com/docs/facebook-login/permissions/#handling
Quote:
If a person declines the login dialog have a clear and upfront
explanation about why you are requesting each permission. Then let
them click or tap to opt back in to the permission request dialog. Do
not immediately redirect them into a permission request dialog without
an explanation.
For cases where someone has granted some permissions but not others,
only prompt for missing permissions at the point at which they are
needed. For example, if your app contains functionality which creates
an event on behalf of a person, only prompt for create_event
permission whenever they choose to add the event to Facebook.
Unless the permissions you are requesting in the login dialog are
critical to the functionality of your app and a feature doesn't work
without them, let people continue using your app without the
permissions.
I have implemented a server-side login flow for a facebook page management application to allow my users to grant the necessary permissions to this application. So far, this works nicely and allows my application to obtain a "page access token" after being granted the manage_pages permission.
However, during the login flow, the facebook UI on facebook.com requests both the manage_pages permission (which is what I asked for) and the permission to see the list of friends of the user (which I did not ask for).
To be specific, I redirect the user to https://www.facebook.com/dialog/oauth?client_id=...&redirect_uri=...&state=...&response_type=code&scope=manage_pages.
Is there a way to convince the facebook UI to not request permission from the user to see his list of friends ?
For reference, since I spent a good amount of time researching an answer to that question, I believe that it is impossible to explicitely not request permission from the user to see his list of friends. The Facebook documentation hints at this by stating that these are the "default" permissions that every application gets.
I have got this error message from facebook .
Your app asks for 4+ read permissions along with public profile and
friend list. Asking for too many permissions can lower conversion by
as much as 40%. To improve your conversion rate and give people a
great app experience, we recommend that you ask for fewer permissions.
Read our règles élémentaires for more details.
My App ASK For This permissions :
publish_stream, publish_actions, user_groups
So i dont know if i must ignore
publish_stream
permission or not because my app just need to post contents no more things.
You can safely ignore the publish_stream permission as it is already included with the publish_actions permission. Quoting from the blog post about the same issue
publish_actions will now include basic publish_stream permissions (including posting on a user's timeline, posting photos/videos, commenting on and liking content), which will appear on the first Auth Dialog screen. With this change, apps that were previously granted publish_stream do not need to request publish_actions.
I'm using an app access token to write to a facebook user's wall (using the facebook graph toolkit in asp.net). i've found that the process works fine if i have publish_stream permission but fails if i only have publish_actions. i would prefer to work only with publish_actions to avoid the second screen permission request.
this issue seems to go against the fb docs which state "Moving forward, we recommend that apps only ask for publish_actions, as this permission encompasses the other two and we want to simplify the model." (https://developers.facebook.com/docs/concepts/login/permissions-login-dialog/)
I'm wondering if anyone else has experienced and overcome this issue.
You need to check out this.
It says-
publish_actions will now include basic publish_stream permissions (including posting on a user's timeline, posting photos/videos, commenting on and liking content), which will appear on the first Auth Dialog screen. With this change, apps that were previously granted publish_stream do not need to request publish_actions.
as you said, BUT-
If you need specific capabilities like posting to a friend's timeline or to groups, you will still need to request publish_stream, which appears on a second screen where users can also opt out.