I'm building a Facebook app with Facebook login via Oauth 2.0. Will it be possible to request more permissions (scope) from the user in the future as we add features or do we need to request them all up front?
Anyone implemented this with Facebook Connect?
From my experience, you can add permissions later and it'll prompt the user to accept those permissions. For my app, I started with just basic/email permissions and then added photo... and it would prompt for the photo.
You can call Facebook's permissions api (https://graph.facebook.com/me/permissions?access_token=...) to see if the user has authorized the permission you will need (perhaps they later when in and revoked part of your apps permission but not all of it). If they did, or you just later need different permissions, just show the authorization link like you did the first time with the additional permissions listed in the url (&scope=email,read_stream...) and it will prompt them for those.
Related
I'm creating a website that use facebook connect, and I need the publish_action permission for each user, unless, user can't get access to my website.
But when a user register with Facebook connect, the publish_action permission can be skipped ; the request is separated from the read permissions.
This is an example of what I dont want: http://i.stack.imgur.com/mbz8g.png
Is there a way to ask to people to allow publish_action and read permissions in the same text box, without "skip" button ?
You cannot require the publish permission to use your app.
No. People must be able to login to your app without granting publishing permissions.
I am working with integration of a website with facebook.
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Is this in a very special environment (like a kiosk application or something) …?
Because otherwise, I’d hate it if random apps logged me out of FB while I’m browsing on my own computer, just because I don’t want to connect to them.
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I don’t know any workaround – to perform a log out on behalf of the user, you need a valid access token – doesn’t matter, if you’re trying to do it client-side or server-side.
If that wasn’t the case, any website I’m visiting could log me out of Facebook, and that would be really annoying to users.
We have exactly the same problem. We've developed a kiosk application used to checkin and post HD photos.
If the user does not accept the permissions we need to reload the application because we can't logout the user in another way.
We've tried different ways but no one was successful
I have users who have authorised my app and are using it. I now need to request further permissions on top of this and I remember reading that the Javascript SDK has some inbuilt methods which allow you to just request the permissions which have not already been handed over. I've looked around a fair bit but I can't find any information on this anymore.
Can someone confirm that this exists, and if possible, how I can do this? I actually switched from using the PHP SDK for the login just because I read about this feature!
You can actually do this in the php-sdk as well. What you need to do is inspect the permissions connection and see if the user has granted the required permission to your app
https://developers.facebook.com/docs/authentication/permissions/
If not you can either redirect them to the auth dialog, or prompt them with a button and explain why you want them to authenticate again.
You can view a sample response at
https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Fpermissions
Alternatively,using the Auth Dialog
https://developers.facebook.com/docs/opengraph/authentication/
might also achieve what you are after, though this only works on referrals from Facebook I believe
It's the same procedure as with users who have disconfirmed a permission. In that case the documentation for invalid access tokens applies: https://developers.facebook.com/docs/authentication/access-token-expiration/
So, you just need to reauthenticate the user including the additional permissions in the scope parameter.
You should be able to check for granted permissions, then if they are not the same as the ones you need then just redirect them to log in with he extended permissions you require and that's it.
http://developers.facebook.com/docs/reference/fql/permissions/
I'm using an fb login button on a site, and our app needs extended permissions: publish_stream. When the user logs in, we can get the permissions, get an access_token, and publish various items to their stream.
However, the site doesn't seem to know if the user's logged in to facebook or not, and I'm having to allow permissions on subsequent visits to the page. However, if I hit the website, I get the access_token - but I'm the admin of the facebook app.
Is there a way to get permissions and have them persist, or am I doing something wrong?
It sounds like you might need to request the "offline_access" extended permission (if you want to make API calls after a normal access token would have expired). I'm not sure this is what you need though - this is for making API calls as a user while the user is not logged in to Facebook anymore.
It sounds like your Application is not properly using the API to check if the user is logged in or not. Without seeing any code I can't tell what is happening, but if you are using the API correctly once a user has authorized your application, they should be able to make API calls via your App while they are logged in to Facebook. Unless you changed application's on them, they will not need to re-authorize the permissions.
Please edit your question to provide more details if this does not help, and good luck.
How do I make an app that doesn't ask for permission when you load it?
Or is that impossible? The only thing the application does is post to the user's wall, but can't I authenticate for that after they load the application?
You can, not sure why others are so positive that it is not possible.
On your server side you can check through facebook api if current user granted you required permission. If not, pass some flag to your fbml where you can display permission prompt link:
Would you like to <fb:prompt-permission perms="publish_stream">allow us</fb:prompt-permission> to post on your wall?
You are not obligated to require users to authorize your app either (but you need authorization before checking for granted permissions or retreiving any user information), you can still allow users to use your app. In fact allowing users to use an app without authorization is even encouraged by facebook recommendations. For optional authorization you can put such fbml on your page:
<fb:if-is-app-user>
<fb:else><a href="http://www.facebook.com/login.php?api_key=...&v=1.0>Would you like to authorize this app?</fb:else>
</fb:if-is-app-user>
If you want to post to their wall via a prompt instead of requiring prior authorization, you should use the connect library. Then you can use some javascript to open the dialog.
In fact, another SO question gives you exactly what you need.
Or is that impossible. The only thing
the application is going to do is post
to the users wall, but can't I
authenticate them for that after they
load the application?
To publish content to users' walls, you need to have the steam_publish permission from them first.