I am developing a Facebook App which requires some extended permission. The problem is that Facebook doesn't automatically ping my app when those permissions are granted by the user. I have to manually query for them or the user must press a confirmation button to send them to me.
My question is how can I enable Facebook to ping me automatically when permissions are changed. I am using the Facebooker plugin in Rails.
If you are developing a canvas application when a user has granted extended permissions you will begin to receive a parameter specifying which permissions were granted (fb_sig_ext_perms).
You can also use the FBJS function Facebook.showPermissionsDialog which will execute a callback that tells you which permissions the user has granted. Documentation here: http://wiki.developers.facebook.com/index.php/Facebook.showPermissionDialog
For Facebook connect, you can specify a javascript callback for when the user has granted (or chosen not to grant) permission. Documentation here: http://developers.facebook.com/docs/?u=facebook.jslib.FB.Connect.showPermissionDialog
Related
Is there a way to mark a scope such as publish_stream as required in Facebook OAuth2?
Currently a user can skip the permission and that results in a non working app in my example.
No you cant do that, in fact facebook asks to check for the extended permissions before performing any related action.
You can any time check for the permissions a user has granted with the API- /me/permissions. Check out- Graph API Explorer
There's no way to "require" extended permissions such as publish_stream as far as I know. Facebook has some docs about how to handle those cases where the user only gave some permissions:
https://developers.facebook.com/docs/facebook-login/permissions/#handling
Quote:
If a person declines the login dialog have a clear and upfront
explanation about why you are requesting each permission. Then let
them click or tap to opt back in to the permission request dialog. Do
not immediately redirect them into a permission request dialog without
an explanation.
For cases where someone has granted some permissions but not others,
only prompt for missing permissions at the point at which they are
needed. For example, if your app contains functionality which creates
an event on behalf of a person, only prompt for create_event
permission whenever they choose to add the event to Facebook.
Unless the permissions you are requesting in the login dialog are
critical to the functionality of your app and a feature doesn't work
without them, let people continue using your app without the
permissions.
what permissions do i need for my facebook app to update status on user behalf.
I already have publish_actions and publish_streams permissions but still my app gives me an error:
error 200: the user did not grant this app the required permissions.
The permissions set in the App Settings are not applied to the app. They are used for logins triggered from the App Center by the Play Game/Go to App buttons – since that is a mechanism where you as the app developer don’t trigger/implement the login yourself, you can not set a scope parameter there; and therefore you make those settings in your app dashboard, so that Facebook knows what permissions to ask for when the user enters your app this way. - Info by CBroe.
For the permissions be applied in your app, you should set the permissions through your code. The permissions are set while implementing the login functionality. For eg: In Javascript, it is done like this: FB.Login
I found the article very nice to introduction set extended permission required
(https://developers.facebook.com/docs/beta/authentication/#referrals)
but I go to Auth Dialog setting, the field required permission replaced users & friend permission. I can't see field required permission. please help me. thanks
You can set extended permissions required via your call to the show the login/authorize screen.
For Javascript SDK, it's the second parameter of FB.login(callback,scope).
For the Login social plugin it's the scope attribute.
For PHP SDK it will be
$params = array(
scope => 'read_stream, friends_likes',
redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);
Per http://developers.facebook.com/docs/reference/api/permissions/ the extended permissions are:
read_friendlists Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox Provides the ability to read from a user's Facebook Inbox.
read_requests Provides read access to the user's friend requests
read_stream Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed
xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event Enables your application to create and modify events on the user's behalf
manage_friendlists Enables your app to create and edit the user's friend lists.
manage_notifications Enables your app to read notifications and mark them as read. This permission will be required to all access to notifications after October 22, 2011.
offline_access Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
publish_checkins Enables your app to perform checkins on behalf of the user.
publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
rsvp_event Enables your application to RSVP to events on the user's behalf
sms Enables your application to send messages to the user and respond to messages from the user via text message
publish_actions Enables your application to publish user scores and achievements.
I don't think you can require extended permissions through that dialog, or by using the SDK as suggested above.
In previous versions of the PHP SDK the oauth dialog would return an error if the user did not approve all requested permissions -- this is no longer the case. As long as the user approves the basic permissions, any of the requested extended permissions can be unselected and the user is redirected without a warning or error. I hope that I'm wrong, but from reading the documentation and my own testing, I don't think I am.
From the same page of the documentation that you reference: https://developers.facebook.com/docs/beta/authentication/
"The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen. User and friends permissions are non-revocable, while extended permissions can be revoked by clicking on the "X" next to each permission on the second dialog screen. Your app must be ready to handle each scenario (permissions granted, and revoked) properly."
IOW, if your app requires a specific permission your code must ensure that the user grants it.
I'm building a Facebook app with Facebook login via Oauth 2.0. Will it be possible to request more permissions (scope) from the user in the future as we add features or do we need to request them all up front?
Anyone implemented this with Facebook Connect?
From my experience, you can add permissions later and it'll prompt the user to accept those permissions. For my app, I started with just basic/email permissions and then added photo... and it would prompt for the photo.
You can call Facebook's permissions api (https://graph.facebook.com/me/permissions?access_token=...) to see if the user has authorized the permission you will need (perhaps they later when in and revoked part of your apps permission but not all of it). If they did, or you just later need different permissions, just show the authorization link like you did the first time with the additional permissions listed in the url (&scope=email,read_stream...) and it will prompt them for those.
I am using facebook PHP SDK and using that I can able to make request to facebook and get the expended permission from user. After user granted extended permission, anytime user can remove our application or revoke certain granted permission from their settings page, but there is a call back url for facebook to notify, so that and we can track who has removed our application, Suppose some one revoke certain granted permission instead of removing application, How facebook notify us to trace which permission has been revoked by the user?
Is there any other way our app to get to know, what are the permissions user has granted?
Thanks.
-Ravi
You can check if user gave some particular permission with users.hasAppPermission