I'm running into a strange bug...
I'm asking for publish_actions permissions (I want to publish on the user's timeline the dive he just logged on diveboard.com ), and since I may want this to work in bulk (like publish all my dives) i want it done in the back and not through the front. I still want to request the permission on the front interactively.
When I ask only for "publish_actions", the popup opens and closes immediately and obviously the permission was not granted (checked in privacy)
FB.login(function(response) {
if (response.perms != undefined && response.perms.match(/publish\_actions/)!=null) {
G_user_fbtoken = getFBCookie().accessToken;
fbtimelinepublish_dive();
} else {
// user cancelled login
diveboard.notify("Unsufficient privileges","Could not get the adequate permissions to publish this action on your timeline");
toggle_fb_spinner();
return;
}
}, {scope:'publish_actions'});
}else{
fbtimelinepublish_dive();
}
Any clue !?
update : I tried with : scope:'create_event,publish_actions,publish_stream,rsvp_event'
and got
So I'm self-answering a solution : While in Open Graph Beta, the 'publish_actions' permission can only be requested from developers and test users of your app. The 'publish_actions' permission will be ignored if requested from any other user. and I moved to the new auth window.... hopefully this will save some frustrations to others....
Related
in our apps we have the option to share activity on Facebook after which the users get a small reward. In recent days this feature has stopped working for some of our users because we didn't get "post_id" from your side which we need to determine if the user should get a reward.
We found out that this happens when the user hasn't given us the "publish_actions" right. Therefore we have added a check for this right and we try to request it this way:
FB.api('/me/permissions/publish_actions', function(response) {
// pokud mame pravo na zverejneni obsahu hned postujeme
if (response.data && response.data[0] && response.data[0]['status'] === 'granted') {
postShareReport();
} else {
// pokud nemame, tak si zkusime vyzadat pravo
FB.login(function(response) {
if (response.authResponse) {
// pokud nam ho dal, tak postujeme
if(response.authResponse.grantedScopes && response.authResponse.grantedScopes.indexOf('publish_actions') !== -1) {
postShareReport();
}
}
}, {scope: "email,publish_actions",return_scopes: true, auth_type: 'rerequest'});
}
});
However, here we encountered another problem. The publish_actions right is not requested from some users even though they haven't given us this right. The login process does go through, however. The user doesn't receive the window with the option to give us this right.
Thank you
Kind regards
Most permissions need to get reviewed by Facebook: https://developers.facebook.com/docs/facebook-login/review
Without review, publish_actions only works for users with a role in the App. Ohter users don´t get asked for the permission in the authorization process.
Btw, not getting a Post ID or information if the user really shared something is intentional, because rewarding the user in any way for sharing is not allowed. You need to read the platform policy before creating any App, that rule is in there since years:
Only incentivize a person to log into your app, enter a promotion on
your app’s Page, or check-in at a place. Don’t incentivize other
actions.
Source: https://developers.facebook.com/policy/
I've an application that only asks for "user_about_me". Now I want to ask for new permission (publish_stream) but the response object returns "connected" if the user ignores the new permission. Because I want to post to the user's wall I'll get an error when posting to the user's wall "The user hasn't authorized the application to perform this action".
How can I do this?
I'm using Javascript SDK.
Basically you have to handle all the possibilities for user permissions/authorization when a user logs in. Here is a simplified working example from some FB integration I have done:
FB.Event.subscribe('auth.login', function(response) {
if(response.status === 'connected'){
FB.api('/me/permissions', function(resp) {
if(resp.data[0].publish_stream){
//User has permissions and authorization
}
else{
//User has not enabled publish stream, ask them to enable permission
}
}
}
If they have the permissions, I show them their avatar/username and some other options. If not, I present a link that asks them for the required permissions when clicked.
In my Facebook application, I am requesting 3 scopes: email,publish_stream,publish_action
I am using the FB.login function. These 2 steps pop up.
When the user clicks "Cancel" in the first step, FB.login will show "status: unknown" as the response object.
However, when user clicks cancel in the second step, FB.login shows it as "status:connected" and treats it as if the user accepted everything.
I recently learned that you can check if the user allowed the 2nd step using
FB.api('/me/permissions', function (response) {
console.log(response);
} );
My question is...knowing that the user denied the open graph step, how can I pop that dialog up again?
You are correct, the 2nd stage of the Auth Dialog is optional, the user does not have to accept all of the extended permissions you ask for, or any of them, as it states in the Permissions sections of the auth dialog documentation:
The user will be able to remove any of these permissions, or skip this
stage entirely, which results in rejecting every extended permission
you've requested. Your app should be able to handle revocation of any
subset of extended permissions for installed users.
The best approach I think is to have your app manage with what the user accepts, but if you HAVE to have the permission(s) in the optional stage (extended permissions) then this is what you can do:
FB.init({
....
});
var requiredPermissions = ["email", "publish_stream", "publish_action"];
function checkPermissions(response) {
var ok = true;
if (!response.data || response.data.length != 1)
ok = false;
else for (var perm in requiredPermissions) {
if (!(perm in response.data[0])) {
ok = false;
break;
}
}
if (!ok)
login();
else
console.log("Hey there user who granted all the required permissions");
}
function loginCallback(response) {
if (response.authResponse) {
FB.api("/me/permissions", checkPermissions);
}
else {
console.log("User cancelled login or did not fully authorize.");
}
}
functoin login() {
FB.login(loginCallback, { scope: requiredPermissions.join(",") });
}
I haven't tested this code, it's a nudge in the right direction though.
Also, this code will go on forever until the user accepts all permissions or just gives up, you should somehow let him know that you need those permissions and about to send him for the auth dialog again.
Edit
I keep forgetting to include this with my answers:
Calling FB.login opens a new pop-up window, and browsers usually blocks that unless it's a result of a user action, as it says in the docs:
Calling FB.login results in the JS SDK attempting to open a popup
window. As such, this method should only be called after a user click
event, otherwise the popup window will be blocked by most browsers.
It also says there:
If you need to collect more permissions from users who have already
authenticated with your application, call FB.login again with the
permissions you want the user to grant. In the authentication dialog,
the user will only ever be asked for permissions they have not already
granted.
Which means that it's a way to do what you want, the popup probably did not open because it was blocked by your browser.
You need to modify the code I gave you so that every time you call the login function it's after the user interacted with your page, i.e.: display a message saying "the application needs this and that permissions, please click this button to continue" which then will call the login function.
I've written a facebook app, and I want to ask users for additional permission by this code:
function loadFanPages()
{
FB.login(
function(response) {
showFanpages();
}
, { scope : 'manage_pages' });
}
But I received a message from log:
FB.login() called when user is already connected.
How can I fix this error? At the first time user use this, I only ask permissions for "email,user_birthday,user_status,user_location"
That means the user is already logged in with those permissions granted. If you log out, or remove the permission via facebook, you should see the error disappears. You should make sure you only call that code when you need to so that users won't get this error.
I used the old rest api for showing the Permission Dialog in Facebook before.
Now, with the new graph API, what can I do? (I'm in IFrame Apps).
I know that I can cheat and popup the permission in a seperate window:
FB.login(function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted some permissions.
// perms is a comma separated list of granted permissions
} else {
// user is logged in, but did not grant any permissions
}
} else {
// user is not logged in
}
}, {perms:'offline_access'});
like that.. call the FB.login again (let say I want people to click on a different button and trigger the extended permisison dialog)
However,it looks ugly,and it doesn't look like a dialog.
Is there a way to generate the dialog? I try to figure out whether FB.ui can help but there is only little information about that.
In addition, I don't think the 'response' callback ever execute. Neither I click "Don't allow" or "allow", won't trigger any call back. any idea?
hihih..anyone can help me?
Finally. find out the solution from another website.
first. after FB.init( ... ); do that:
FB.provide("UIServer.Methods",
{ 'permissions.request' : { size : {width: 575, height: 300},
url: 'connect/uiserver.php',
transform : FB.UIServer.genericTransform }
} );
Then, whenever you need to call the permssion dialog, do that:
FB.ui({method: "permissions.request", "perms": 'email,offline_access'},
callBack);
It took me so long to figure out by looking at the FB object and find out there is UIServer with permissions.request then from that, I keep searching and find this solution. and FB.ui talks nothing about it.. and FB.provide is not documented. THANKS facebook.
You don't need to use javascript or any SDK for this although it would make it easier. You need only to redirect the user to a url like this:
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/callback&
scope=user_photos,user_videos,publish_stream
You should always redirect the user to the top window either with javascript or the link.
window.top.location = <login_url> or Login
If you are using the PHP SDK or the C# SDK you could have the sdk generate the url for you, but the process is the same.
Also, not that the redirect_uri has to be on the same domain as your iFrame application's url. This will cause Facebook to redirect your user outside of Facebook to your website, you then should redirect the user back to the app inside of facebook. For example:
User clicks login
user goes to Facebook login page
User clicks allow
Facebook redirects the user to http://www.example.com/callback
Your app redirects the user to http://apps.facebook.com/myapp/loggedin
One of the answers suggests a hack in which you call FB.provide() and then FB.ui() to pop up the extended permissions dialog. That solution doesn't work for me, but there is a documented solution now that does. Just call FB.login() to get the permissions you need.
FB.login(function(response){
if (response.authResponse) {
alert('success!');
} else {
alert('fail!');
}
},{scope: 'email'});
Even better, you can ask for extended permissions with the login button.