How do I make an app that doesn't ask for permission when you load it?
Or is that impossible? The only thing the application does is post to the user's wall, but can't I authenticate for that after they load the application?
You can, not sure why others are so positive that it is not possible.
On your server side you can check through facebook api if current user granted you required permission. If not, pass some flag to your fbml where you can display permission prompt link:
Would you like to <fb:prompt-permission perms="publish_stream">allow us</fb:prompt-permission> to post on your wall?
You are not obligated to require users to authorize your app either (but you need authorization before checking for granted permissions or retreiving any user information), you can still allow users to use your app. In fact allowing users to use an app without authorization is even encouraged by facebook recommendations. For optional authorization you can put such fbml on your page:
<fb:if-is-app-user>
<fb:else><a href="http://www.facebook.com/login.php?api_key=...&v=1.0>Would you like to authorize this app?</fb:else>
</fb:if-is-app-user>
If you want to post to their wall via a prompt instead of requiring prior authorization, you should use the connect library. Then you can use some javascript to open the dialog.
In fact, another SO question gives you exactly what you need.
Or is that impossible. The only thing
the application is going to do is post
to the users wall, but can't I
authenticate them for that after they
load the application?
To publish content to users' walls, you need to have the steam_publish permission from them first.
Related
I am working with integration of a website with facebook.
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Is this in a very special environment (like a kiosk application or something) …?
Because otherwise, I’d hate it if random apps logged me out of FB while I’m browsing on my own computer, just because I don’t want to connect to them.
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I don’t know any workaround – to perform a log out on behalf of the user, you need a valid access token – doesn’t matter, if you’re trying to do it client-side or server-side.
If that wasn’t the case, any website I’m visiting could log me out of Facebook, and that would be really annoying to users.
We have exactly the same problem. We've developed a kiosk application used to checkin and post HD photos.
If the user does not accept the permissions we need to reload the application because we can't logout the user in another way.
We've tried different ways but no one was successful
I have users who have authorised my app and are using it. I now need to request further permissions on top of this and I remember reading that the Javascript SDK has some inbuilt methods which allow you to just request the permissions which have not already been handed over. I've looked around a fair bit but I can't find any information on this anymore.
Can someone confirm that this exists, and if possible, how I can do this? I actually switched from using the PHP SDK for the login just because I read about this feature!
You can actually do this in the php-sdk as well. What you need to do is inspect the permissions connection and see if the user has granted the required permission to your app
https://developers.facebook.com/docs/authentication/permissions/
If not you can either redirect them to the auth dialog, or prompt them with a button and explain why you want them to authenticate again.
You can view a sample response at
https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Fpermissions
Alternatively,using the Auth Dialog
https://developers.facebook.com/docs/opengraph/authentication/
might also achieve what you are after, though this only works on referrals from Facebook I believe
It's the same procedure as with users who have disconfirmed a permission. In that case the documentation for invalid access tokens applies: https://developers.facebook.com/docs/authentication/access-token-expiration/
So, you just need to reauthenticate the user including the additional permissions in the scope parameter.
You should be able to check for granted permissions, then if they are not the same as the ones you need then just redirect them to log in with he extended permissions you require and that's it.
http://developers.facebook.com/docs/reference/fql/permissions/
I'm building a Facebbook application that uses the Facebook oauth login. I see some existing sites that have a single-page experience that combines application authorization with asking for permissions. But when I build my application, I'm seeing a two-page authorization dialog: application authorization and basic permissions come on the first screen, the second screen asks for additional permissions.
I'd like to get to a single-screen dialog, similar to the one shown on this page:
http://developers.facebook.com/docs/authentication/
but that's not what I'm seeing, even though I use the URL from that page, and even though I use the same Oauth redirect URL that I see in another app that shows the dialog as I want it.
Anyone have any ideas on how to have the older app authentication dialog?
Short answer: that's the way it works now. Facebook changed things. Go figure.
Facebook has changed the way the auth dialog works. It seems like they are trying to discourage use of publish_stream and other permissions and make it easier for users to grant the open graph publish_actions permission.
From the recent blog post:
Added functionality to the publish_actions permission
When we turn on the new auth dialog, we will also add some of the most frequently requested permissions to publish_actions to make the permission more robust and improve conversion. publish_actions now includes the ability to post status updates on the authenticated user’s own timeline, tag photos, publish photos and videos. Other actions such as posting to a friend's timeline still require the use of publish_stream.
Adding these common permissions to publish_actions eliminates the need for extended permissions and the second screen of the auth dialog for the majority of timeline apps built with the Open Graph. This makes the auth process clearer to new users and should improve conversion rates. Additionally, approved Open Graph actions are no longer required for the publish_actions permission. Apps should only ask for the stream_publish permission if they absolutely need functionality not present in publish_actions.
See this blog post for full details and references: https://developers.facebook.com/blog/post/2012/03/02/enhanced-auth-dialog-and-updates-to-permissions/
Subscribing to the Facebook devleoper blog and monitoring the platform roadmap at https://developers.facebook.com/roadmap/ are good ways to see these changes coming.
I'm building a Facebook app with Facebook login via Oauth 2.0. Will it be possible to request more permissions (scope) from the user in the future as we add features or do we need to request them all up front?
Anyone implemented this with Facebook Connect?
From my experience, you can add permissions later and it'll prompt the user to accept those permissions. For my app, I started with just basic/email permissions and then added photo... and it would prompt for the photo.
You can call Facebook's permissions api (https://graph.facebook.com/me/permissions?access_token=...) to see if the user has authorized the permission you will need (perhaps they later when in and revoked part of your apps permission but not all of it). If they did, or you just later need different permissions, just show the authorization link like you did the first time with the additional permissions listed in the url (&scope=email,read_stream...) and it will prompt them for those.
I'm using facebook connect to allow the visitors login to a website using their facebook account.
The only information needed is that the user id and name.
However the facebook connect dialog states that my app will access all the users friends, photos...
How can I configure my facebook application to not request those data?
The quick answer, you can't. The dialog states that you have the ability to access the user's information. Whether you access it or not is up to you, but the ability to is always there. There is a base level of access granted to all apps. You can prompt for extended permissions, but you can't customize the base level.
This may change going forward with OpenGraph. There are still features Facebook is adding, and some existing, undocumented features.