I am creating a canvas application using the Facebook C# SDK and am trying to authenticate the user without asking for any extended permissions.
When the user adds the application the CanvasAuthorize attribute is not redirecting the user to the facebook permissions page.
This process works fine if I ask for "publish_stream" or any other extended permission but I only want to ask for basic permissions initially.
Is there any way to do this using the SDK?
If i'm guessing right the basic permissions you require are FB User Id or may be first, last name, I don't think you'll require to authenticate the user for that. Simply make an object of FacebookApp and try getting the required data, if it does get the basic data then you are good to go, otherwise in the meanwhile I'll try looking into it :)
Cheers,
Nauman
The new version of the SDK (5.0.3) now uses the new oauth page instead of the php plugin to authorize the user. This installs the app even when no extended permissions are specified.
Related
I have a desktop app which uses a user access token to read the me/feed endpoint and I can see all the posts for the logged in user. If I wanted to simplify deployment to different users I would need to minimise the amount of setup/configuration they did.
Is there a way to access me/feed for a given userid rather than have to setup every user as a developer account and create an app for it?
I have looked at https://developers.facebook.com/docs/graph-api/using-graph-api/v2.0 and it is not obvious to me how to do this.
What configuration / permissions does the user in question need to do to activate this. Which access token should I be using, and will it give access to all the posts in the same way the user access token does.
[EDIT] I have looked at this again and the problem I am having is that when a user (who has a facebook account but is NOT a developer) tries to login to my App (which is in development mode) I get the following error
"App Not Setup: The developers of this app have not set up this app properly for Facebook Login."
Thanks in advance
I have users who have authorised my app and are using it. I now need to request further permissions on top of this and I remember reading that the Javascript SDK has some inbuilt methods which allow you to just request the permissions which have not already been handed over. I've looked around a fair bit but I can't find any information on this anymore.
Can someone confirm that this exists, and if possible, how I can do this? I actually switched from using the PHP SDK for the login just because I read about this feature!
You can actually do this in the php-sdk as well. What you need to do is inspect the permissions connection and see if the user has granted the required permission to your app
https://developers.facebook.com/docs/authentication/permissions/
If not you can either redirect them to the auth dialog, or prompt them with a button and explain why you want them to authenticate again.
You can view a sample response at
https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Fpermissions
Alternatively,using the Auth Dialog
https://developers.facebook.com/docs/opengraph/authentication/
might also achieve what you are after, though this only works on referrals from Facebook I believe
It's the same procedure as with users who have disconfirmed a permission. In that case the documentation for invalid access tokens applies: https://developers.facebook.com/docs/authentication/access-token-expiration/
So, you just need to reauthenticate the user including the additional permissions in the scope parameter.
You should be able to check for granted permissions, then if they are not the same as the ones you need then just redirect them to log in with he extended permissions you require and that's it.
http://developers.facebook.com/docs/reference/fql/permissions/
I'm building a Facebook app with Facebook login via Oauth 2.0. Will it be possible to request more permissions (scope) from the user in the future as we add features or do we need to request them all up front?
Anyone implemented this with Facebook Connect?
From my experience, you can add permissions later and it'll prompt the user to accept those permissions. For my app, I started with just basic/email permissions and then added photo... and it would prompt for the photo.
You can call Facebook's permissions api (https://graph.facebook.com/me/permissions?access_token=...) to see if the user has authorized the permission you will need (perhaps they later when in and revoked part of your apps permission but not all of it). If they did, or you just later need different permissions, just show the authorization link like you did the first time with the additional permissions listed in the url (&scope=email,read_stream...) and it will prompt them for those.
i'm using the registration plugin for my website
http://developers.facebook.com/docs/plugins/registration
i want permission to post users's wall is there any way that on the same log in
( on the registration ) the user will promp to agree for the permissions (authentication)?
thanks !
From the Facebook Developer Forum:
There is no way at the moment to requests extended permissions through
the Registration Plugin so you'll need to request it afterwards.
It goes on to acknowledge that this is a missing feature that should be added at some point.
From what I can find, it looks like the legacy fb:prompt-permission tag would be a great way to ask the user to grant the permission. However, Facebook is in the process of deprecating FBML, so that's probably not a good idea.
The Facebook Authentication documentation explains how to gain the additional permissions using the latest OAuth model. I am still struggling to wrap my head around this myself.
Since you're using Facebook registration I'm assuming you have a database that collects user info. So what you need to do is not rely on Facebook to see which user has registered with your website but instead use the simple login with permissions on first time users and then after they are "connected" to your website check to see if they are in your database or not, if not send them to the Facebook registration plugin page and force them to register. :)
How do I make an app that doesn't ask for permission when you load it?
Or is that impossible? The only thing the application does is post to the user's wall, but can't I authenticate for that after they load the application?
You can, not sure why others are so positive that it is not possible.
On your server side you can check through facebook api if current user granted you required permission. If not, pass some flag to your fbml where you can display permission prompt link:
Would you like to <fb:prompt-permission perms="publish_stream">allow us</fb:prompt-permission> to post on your wall?
You are not obligated to require users to authorize your app either (but you need authorization before checking for granted permissions or retreiving any user information), you can still allow users to use your app. In fact allowing users to use an app without authorization is even encouraged by facebook recommendations. For optional authorization you can put such fbml on your page:
<fb:if-is-app-user>
<fb:else><a href="http://www.facebook.com/login.php?api_key=...&v=1.0>Would you like to authorize this app?</fb:else>
</fb:if-is-app-user>
If you want to post to their wall via a prompt instead of requiring prior authorization, you should use the connect library. Then you can use some javascript to open the dialog.
In fact, another SO question gives you exactly what you need.
Or is that impossible. The only thing
the application is going to do is post
to the users wall, but can't I
authenticate them for that after they
load the application?
To publish content to users' walls, you need to have the steam_publish permission from them first.