How do we get this permission to be in our default permissions to gain an access token and not be a revokable, optional permission?
Been using Facebook Connect and am asking for basic permissions such as a user's ID, name, profile pic, interests, likes, education, etc. All of these permissions access a user's basic information. I've seen where apps ask for these along with the Access Data Anytime permission as a non-revokable permission. However, mine is coming up as a revokable permission that I'm afraid people won't allow.
offline_access is an extended permission (https://developers.facebook.com/docs/reference/api/permissions/#extended_perms). The present facebook auth dialog makes all extended permissions optional - so the user can pick and chose the extended permissions he/she wishes to grant to the app (https://developers.facebook.com/docs/opengraph/authentication/#perms).
That said, offline_access is being deprecated and hence you should move to the design where you extend the permissions by swapping normal tokens with long-live tokens. Please refer to https://developers.facebook.com/roadmap/offline-access-removal/ or other stackoverflow questions like Facebook offline access step-by-step to understand more about it.
Related
I want to get /{user-id}/feed from another user (user B) rather than "me" (user A), but the query returns an empty list.
I'm using the Graph API Explorer to make the queries, and I've got the Access Token with user_posts, user_status and read_stream permissions, but I can't get this information.
In this thread is said that:
Additionally the queried user needs to grant the app the read_stream permission.
In this other thread they said:
If the user is your app user authorized with read_stream permission, then you access the USER_ID/feed. It's because USER_ID/feed endpoint only available if user give permission read_stream to your app. App Access Token is not allow.
If the user is not your app user with read_stream, then you access the USER_ID/links instead. It's because no read_stream permission require to access this endpoint. App Access Token is not allow.
MY QUESTIONS:
Do I really need this other user (user B) to grant this permission to access his feed?
Where can I find official documentation saying so?
As /{user-id}/links seems to be accessible, are posts, statuses or tagged accessible too, or I just can access links without User B granting this permission?
Note:
Since the purpose is to use it in and iOS and Android App I can't use the read_stream permission, so I would use the user_posts which is supposed to be valid as they say in https://developers.facebook.com/docs/graph-api/reference/v2.3/user/feed
>
Of course, why would anyone want your App to access his newsfeed without his authorization? Keep in mind that not only the user would be able to access the feed of his friends, but the App too - which means, it would be easy for the App developer to get access.
Should be clear with number 1. Why would there even be a permission if you could just grab the feed from another user with it?
You can´t get ANY data from a user without his authorization, for privacy reasons. Friend permissions are gone.
I have implemented a server-side login flow for a facebook page management application to allow my users to grant the necessary permissions to this application. So far, this works nicely and allows my application to obtain a "page access token" after being granted the manage_pages permission.
However, during the login flow, the facebook UI on facebook.com requests both the manage_pages permission (which is what I asked for) and the permission to see the list of friends of the user (which I did not ask for).
To be specific, I redirect the user to https://www.facebook.com/dialog/oauth?client_id=...&redirect_uri=...&state=...&response_type=code&scope=manage_pages.
Is there a way to convince the facebook UI to not request permission from the user to see his list of friends ?
For reference, since I spent a good amount of time researching an answer to that question, I believe that it is impossible to explicitely not request permission from the user to see his list of friends. The Facebook documentation hints at this by stating that these are the "default" permissions that every application gets.
I have got this error message from facebook .
Your app asks for 4+ read permissions along with public profile and
friend list. Asking for too many permissions can lower conversion by
as much as 40%. To improve your conversion rate and give people a
great app experience, we recommend that you ask for fewer permissions.
Read our règles élémentaires for more details.
My App ASK For This permissions :
publish_stream, publish_actions, user_groups
So i dont know if i must ignore
publish_stream
permission or not because my app just need to post contents no more things.
You can safely ignore the publish_stream permission as it is already included with the publish_actions permission. Quoting from the blog post about the same issue
publish_actions will now include basic publish_stream permissions (including posting on a user's timeline, posting photos/videos, commenting on and liking content), which will appear on the first Auth Dialog screen. With this change, apps that were previously granted publish_stream do not need to request publish_actions.
My goal is to have my app be able to read my users stream using the extended permission "read_stream" , however when requesting that permission the dialog doesn't show me having requesting that permission.
I have no trouble requesting the email, or publish_actions permissions, but read_stream is a no go as well as other various extended permissions. Here is an example of what I am using for the facebook login:
https://www.facebook.com/dialog/oauth?scope=publish_actions%2Cread_stream&redirect_uri=http%3A%2F%2Fwww.MYDOMAIN.com%2Fsocialregistration%2Ffacebook%2Fconnect%2F&display=popup&client_id=MYAPPID
Is there another permission I need to request when requesting read_stream ? Is there something I need to change in my facebook app settings specifically for the scope permission request? My goal is to be able to get permission for "read_stream".
Thank you for any input!
The method I describe does work! The issue was that there is a second facebook prompt for the extended permissions that occurs AFTER the initial prompt for permissions.
What is confusing is that facebook shows permissions for email and publish_actions on the first facebook dialog box instead of in a consistant manner for all the extended permissions....but that's facebook's choice!
So hopefully this helps anybody else that was confused like me!
I found the article very nice to introduction set extended permission required
(https://developers.facebook.com/docs/beta/authentication/#referrals)
but I go to Auth Dialog setting, the field required permission replaced users & friend permission. I can't see field required permission. please help me. thanks
You can set extended permissions required via your call to the show the login/authorize screen.
For Javascript SDK, it's the second parameter of FB.login(callback,scope).
For the Login social plugin it's the scope attribute.
For PHP SDK it will be
$params = array(
scope => 'read_stream, friends_likes',
redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);
Per http://developers.facebook.com/docs/reference/api/permissions/ the extended permissions are:
read_friendlists Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox Provides the ability to read from a user's Facebook Inbox.
read_requests Provides read access to the user's friend requests
read_stream Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed
xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event Enables your application to create and modify events on the user's behalf
manage_friendlists Enables your app to create and edit the user's friend lists.
manage_notifications Enables your app to read notifications and mark them as read. This permission will be required to all access to notifications after October 22, 2011.
offline_access Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
publish_checkins Enables your app to perform checkins on behalf of the user.
publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
rsvp_event Enables your application to RSVP to events on the user's behalf
sms Enables your application to send messages to the user and respond to messages from the user via text message
publish_actions Enables your application to publish user scores and achievements.
I don't think you can require extended permissions through that dialog, or by using the SDK as suggested above.
In previous versions of the PHP SDK the oauth dialog would return an error if the user did not approve all requested permissions -- this is no longer the case. As long as the user approves the basic permissions, any of the requested extended permissions can be unselected and the user is redirected without a warning or error. I hope that I'm wrong, but from reading the documentation and my own testing, I don't think I am.
From the same page of the documentation that you reference: https://developers.facebook.com/docs/beta/authentication/
"The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen. User and friends permissions are non-revocable, while extended permissions can be revoked by clicking on the "X" next to each permission on the second dialog screen. Your app must be ready to handle each scenario (permissions granted, and revoked) properly."
IOW, if your app requires a specific permission your code must ensure that the user grants it.