I have users who have authorised my app and are using it. I now need to request further permissions on top of this and I remember reading that the Javascript SDK has some inbuilt methods which allow you to just request the permissions which have not already been handed over. I've looked around a fair bit but I can't find any information on this anymore.
Can someone confirm that this exists, and if possible, how I can do this? I actually switched from using the PHP SDK for the login just because I read about this feature!
You can actually do this in the php-sdk as well. What you need to do is inspect the permissions connection and see if the user has granted the required permission to your app
https://developers.facebook.com/docs/authentication/permissions/
If not you can either redirect them to the auth dialog, or prompt them with a button and explain why you want them to authenticate again.
You can view a sample response at
https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Fpermissions
Alternatively,using the Auth Dialog
https://developers.facebook.com/docs/opengraph/authentication/
might also achieve what you are after, though this only works on referrals from Facebook I believe
It's the same procedure as with users who have disconfirmed a permission. In that case the documentation for invalid access tokens applies: https://developers.facebook.com/docs/authentication/access-token-expiration/
So, you just need to reauthenticate the user including the additional permissions in the scope parameter.
You should be able to check for granted permissions, then if they are not the same as the ones you need then just redirect them to log in with he extended permissions you require and that's it.
http://developers.facebook.com/docs/reference/fql/permissions/
Related
I need only the basic permissions "email", "public_profile","user_friends" and I need all of them for my app to work.
FB login takes the user to permissions page and he/she can just uncheck email and user_friends and I will have to handle it separately.
Yes, I do understand the trust equation here that has been discussed in a lot of questions on SO.But a lot of apps somehow circumvent this. e.g. Uber
Uber is probably using an old App created before end of April 2014. Those basic permissions where included back then. In newer Apps you can´t force a user to authorize all permissions, he will always be able to skip the extended ones.
One good way is to use the "return_scopes" flag of FB.login and check if the user accepted the neccessary permissions right after the authorized your App: https://developers.facebook.com/docs/reference/javascript/FB.login/v2.2
Is there a way to simply require that any user signing up for our Facebook app to either accept ALL permissions requested or not at all? We do not want to give the options to accept certain parameters and reject others in Facebook SSO.
If the user really doesn't want to enable certain extended permissions. It's their choice; Facebook has spoken.
You are expected to check if the user has disabled permissions. If so, you should provide an error message that some of your application's functionality is disabled and ask them to re-enable those permissions again.
Yes, this makes it harder for developers, but you have to accept it.
First : you must try to get just permissions you need them (its facebook rule)
Second:yes you can do it, at first let users to install app with permissions which they want then check your app's permissions if user does not accepted some permissions redirect user to install page again (times & times)
https://developers.facebook.com/tools/explorer/145634995501895/?method=GET&path=me%2Fpermissions
I'm building a Facebook app with Facebook login via Oauth 2.0. Will it be possible to request more permissions (scope) from the user in the future as we add features or do we need to request them all up front?
Anyone implemented this with Facebook Connect?
From my experience, you can add permissions later and it'll prompt the user to accept those permissions. For my app, I started with just basic/email permissions and then added photo... and it would prompt for the photo.
You can call Facebook's permissions api (https://graph.facebook.com/me/permissions?access_token=...) to see if the user has authorized the permission you will need (perhaps they later when in and revoked part of your apps permission but not all of it). If they did, or you just later need different permissions, just show the authorization link like you did the first time with the additional permissions listed in the url (&scope=email,read_stream...) and it will prompt them for those.
I am creating a canvas application using the Facebook C# SDK and am trying to authenticate the user without asking for any extended permissions.
When the user adds the application the CanvasAuthorize attribute is not redirecting the user to the facebook permissions page.
This process works fine if I ask for "publish_stream" or any other extended permission but I only want to ask for basic permissions initially.
Is there any way to do this using the SDK?
If i'm guessing right the basic permissions you require are FB User Id or may be first, last name, I don't think you'll require to authenticate the user for that. Simply make an object of FacebookApp and try getting the required data, if it does get the basic data then you are good to go, otherwise in the meanwhile I'll try looking into it :)
Cheers,
Nauman
The new version of the SDK (5.0.3) now uses the new oauth page instead of the php plugin to authorize the user. This installs the app even when no extended permissions are specified.
How do I make an app that doesn't ask for permission when you load it?
Or is that impossible? The only thing the application does is post to the user's wall, but can't I authenticate for that after they load the application?
You can, not sure why others are so positive that it is not possible.
On your server side you can check through facebook api if current user granted you required permission. If not, pass some flag to your fbml where you can display permission prompt link:
Would you like to <fb:prompt-permission perms="publish_stream">allow us</fb:prompt-permission> to post on your wall?
You are not obligated to require users to authorize your app either (but you need authorization before checking for granted permissions or retreiving any user information), you can still allow users to use your app. In fact allowing users to use an app without authorization is even encouraged by facebook recommendations. For optional authorization you can put such fbml on your page:
<fb:if-is-app-user>
<fb:else><a href="http://www.facebook.com/login.php?api_key=...&v=1.0>Would you like to authorize this app?</fb:else>
</fb:if-is-app-user>
If you want to post to their wall via a prompt instead of requiring prior authorization, you should use the connect library. Then you can use some javascript to open the dialog.
In fact, another SO question gives you exactly what you need.
Or is that impossible. The only thing
the application is going to do is post
to the users wall, but can't I
authenticate them for that after they
load the application?
To publish content to users' walls, you need to have the steam_publish permission from them first.