How to ask for optional Facebook permissions - facebook

We use Facebook Connect on our web site. We have some mandatory and some optional permissions. Is it possible to get FB to display a check box next to the optional ones? I've seen some sites that do this but maybe they are displaying their own dialog.
Once an optional permission has been granted, what is the best way to allow the user to revoke just it?
We are using the Javascript SDK but could also implement something in PHP if needed.
Thanks!

I believe you are referring to the "Improved Auth Dialog" which Facebook will automatically switch all apps over to on 2/15. You can opt-in now through your app settings so you can make sure everything works. After 2/15 you can opt-out, but only until 3/1. The improved dialog shows a second screen of "optional" permissions.
https://developers.facebook.com/blog/post/633/
Users can remove permission at any time by going into their "Privacy Settings", then to the "Apps and Websites" section. I think most users have no idea they remove individual privileges from there.
I find the javascript SDK provides a much better user experience than using redirects on the backend with something like PHP.

Related

Can't get Advanced Access to public_profile on a disabled app?

Last night Facebook disabled our app with the following justificative:
Developer Policy 6.1: Verify that you have integrated Login correctly. Your app shouldn't crash or hang during the testing process.
During Login, your app is crashing or hanging excessively, creating a broken experience for people trying to use your app. To make sure this flow runs smoothly, check that you've integrated Facebook Login correctly. We recommend that you test Login on all integrations. If you have not already done so, please:
• Here's our quickstart guide for implementing Facebook Login for Android: https://developers.facebook.com/docs/facebook-login/android
• We encourage you to test your Login integration following these steps here: https://developers.facebook.com/docs/facebook-login/testing-your-login-flow/
• Best Practices for Login can be found here: https://developers.facebook.com/docs/facebook-login/best-practices
After going through the app options for Facebook Login, I found out that our public_profile permission is in "Standard Access." To allow our users to use Facebook Login, I will need to upgrade to "Advanced Access."
The documentation says that "Business apps created before February 16, 2021, were automatically approved for Advanced Access for the email and public_profile." I should be able to move our public_profile permission to "Advanced Access" because our app was created way before 2021. The problem is that after I click on the "Get Advanced Access" button and type my password, the page reloads, and the public_profile permission is still on the "Standard Access" mode.
So, these are my questions: what I am doing wrong? Is my app unable to upgrade our permissions to "Advanced Access" while being in this "Disabled" state? How can I debug my app to make it work again?
Some additional info about my app:
It passed through the Facebook App Review in 2019, and we already got permission to manage Pages and read connected Instagram accounts;
Everything was working fine until Facebook warned us that our Login integration was not working correctly;
In response to the Facebook notification and before Facebook disabled our app, we enabled the "Login with the JavaScript SDK" and updated the "Allowed Domains for the JavaScript SDK" (such as "https://www.example.com/").
I can't switch back our app to "Dev Mode" because the option is not showing up (is it due to being "Disabled"?)
For anyone landing here from google: I had the same issue, it is a brand new Facebook app, it's not blocked nor disabled. I needed to enable login through Facebook, thus needing advanced access to public_profile. When I tried that, it sometimes asked for my FB password, sometimes not, but it did nothing. There were no errors in the javascript console in the browser, nor any failed requests. I managed to make it work by simply waiting 10-30 seconds after each click (Request advanced access -> wait -> check the box -> wait -> write password -> click submit) to let the JS in the browser finish whatever was going on and then click the next button etc.
I discovered that it is not possible to modify your permission settings while your app is blocked.
I recovered my app using the appeal form, saying that I can't correct it while it is blocked because I need to change the permission settings. In case anyone needs an example, this was the exact text I sent to Facebook on the appeal form:
To get our app into compliance, we still need to upgrade our
permissions from "Standard Mode" to "Advanced Mode", but we can't do
this while our app is disabled. I would like to ask Facebook for an
Extension of the deadline and to re-enable our app, to allow our team
to change the permissions to "Advanced Mode" and properly test and get
our app into compliance. In case it is not possible to make an
extension to the deadline, we ask Facebook to revoke all permissions
given through the App Review process and then re-enable our app, in
Dev Mode. This way, we would be able to make all the required changes,
properly test our app, and submit it again to the App Review.
for me it was not possible to get a reply from facebook with the text of #lgfischer. All the time only chatbots answered. After 2 weeks of writing we decided to remove the facebook login from the app.
the end result is: no more facebook login in our app. 😁 thanks to all facebook chatbots and to the intelligent metaverse. ;-)
I had the same issue, it is a brand new Facebook app, it's not blocked nor disabled. I needed to enable login through Facebook. It asked me to enable advanced access to public profile setting When I tried that, it sometimes asked for my FB password, sometimes not, but it did nothing.
There was no errors, the setting was just not turning on to advanced. this problem was faced by some others too, who have posted their answers under this same topic
I have been able to access the advanced setting now.
All I had done was change from brave browser (Tried with chrome also, but didn't work) to Mozilla Firefox
It just worked like magic. make sure you enter the right password for that account.
If this helps, hit an Upvote. or comment your experience below

Facebook: prevent webpages to auto-like themselves with my connected account?

Recently, I've seen a lot of webpages (external to Facebook) that implement an auto-like script (google "facebook auto like" and you'll see how many of these things there are out there).
It works as follows: you are connected to your facebook account. On another tab (or window) you visit a "malicious" website, that has this script. You don't click on anything related to Facebook, especially nothing that asks for permission. When you go back to your Facebook account, you observe that your profile has liked the page you visited, without your permission.
Is there a way to prevent these script from working? Otherwise, is there a security parameter that would make Facebook to always ask for your password before liking anything outside Facebook? I would even be fine with disabling likes outside Facebook altogether.
For the websites to accomplish auto liking, they need to use a web based programming language like Javascript, before you enter a website that you don't know, try turning off the JavaScript in tools until you can trust that site, a second option if you are using Google Chrome is to download an app that will block Javascript from running without your permission.

No authorization dialog

How can I make a Facebook app that doesn't require users to log in/authorize my app? Is it even possible for canvas apps?
The conversion in auth dialog is quite poor (39%) for my app, even though I ask for the basic information only. Hence the question.
Thanks for advice!
There are no special actions necessary to run a canvas app in Facebook without authentication. Simply set the Canvas URL and Secure Canvas URL in your app's settings (https://developers.facebook.com/apps/<app_id>/summary) and it should just work.
Keep in mind that you cannot access any of the useful functionality Facebook offers if you forego authentication. You'll be missing out on:
The Invite Friends dialog
Creating notifications
Retrieving a user's friend list and information
Etc.
In fact, if you're not leveraging any of the available functionality Facebook provides, there's no sense in even creating a canvas app. You might as well enjoy the benefits of using the entire window for your application and host it standalone.
It all depends upon what you're doing with your app.
If you app uses features that requires login, then yes, you will need to get each user to log in.
If your app doesn't use features of the API that require login, then don't use it.
There's many social plugins that can accomplish a lot of what many people look for and most all of them don't require a login.

Displaying MY public wall using AS3 without user login

I've been trying to get this to work for a while, but I've apparently missed something.
All I want is to have the latest 3 or so posts from my clients Facebook page to populate and animate in a screensaver that I am building using Flash (AS3).
So far, every time I try to bring anything in, it requires a complete oAuth login and account link, but it's only a one way exchange (read-only, absolutely no writing, posting or even linking, since it's a screensaver) I'm not even sure the client wants pictures or anything.
I am currently trying to use the facebook-actionscript-api, but there isn't an option for the "App Login" type of Authentication that would solve most of my problems.
I'm at wits end and about to have to tell my client it can't be done. At least they'll always have twitter...
I don't think it is possible to get facebook feeds without an accesstoken (even if they are public). So I guess you need to define an app within Facebook and add login stuff to your app so users can give permission to your app for basic access.
Maybe this article offers some help: http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html

Create a facebook application programmatically

I'm trying to programmatically create an application in Facebook. I can do that with this:
https://www.facebook.com/connect/create_app.php?api_key=[key]&name=app_name
However, there's always a popup that says "Allow [Root App] to integrate Facebook functionality for you?" ... OK.
Is it possible for the "Root App" to create the application on the user's behalf without the popup via some previous permission which they have allowed, like stream_publish ...etc or maybe a session_token or ??
Someone said I can create child apps via "admin.setAppProperties" but couldn't get it working. I've also tried "FB.Connect.createApplication" and "Facebook.createApplication" but also failed.
Can anyone help? Maybe with some sample code.
There used to be an API for this but I think it has been discontinued. You can see if you can hack it together from the information available here:
http://blog.programmableweb.com/2009/10/15/facebook-lets-you-easily-integrate-into-sites-and-widgets-with-new-create-application-api/
Child applications (I believe they called them 'fourth party applications') intentionally need user interactions to create.
The documentation for https://www.facebook.com/connect/create_app.php?api_key=[key]&name=app_name is scarce to none. Are you able to access the API key of the newly created application somehow? Or set further app settings such as site-url?
I'm thinking you would need the user's permission to view /accounts then monitor before/after state to detect which one was created.
Is it possible for the "Root App" to create the application on the
user's behalf without the popup via some previous permission which
they have allowed, like stream_publish ...etc or maybe a session_token
or ??
If you create a Facebook application that only pulls someone's profile information, and then you add new functionality that allows it to automatically post on people's walls; you would have to require the user to re-authenticate themselves to give you those extra permissions.
It's hard to understand what you meant by that question.