
Downside to always using auth_type="rerequest" in Facebook login button (for required permissions)?

I've got a Facebook login implementation (for a website, using the JavaScript API) for which I want the "email" permission to be required. When the user first logs in, they may deny this permission - which is easy enough to detect by a subsequent look at the /me/permissions endpoint. If I do find they've denied it, I don't continue with the login. So far so good.

Then during subsequent logins, to make sure they get re-prompted for that permission, I include auth_type="rerequest" in my login buttons (which may be rendered via either xfbml or a link with onclick=FB.login(...)).

While this appears to be working, my question is: if I always want the permission to be required, is there any disadvantage to ALWAYS including auth_type="rerequest" in my login buttons? I don't see anything to the contrary in the documentation, and it appears not to have any adverse effect on new users or users who've not denied the permission (i.e. it only changes the login flow by re-prompting if the user has already rejected something, which is the behavior I want).

Good practice seems to dictate that I should only include this when I actually know there's something I want to re-prompt, but for the sake of this question, I'd like to know if there are any pitfalls to just always including it.

Metal450 asked Jan 12 '15 02:01



2 Answers

There is no real downside afaik, but the recommended way is NOT to force users to use permissions they deselected. Instead, show them an input field if they did not authorize the email permission, where they can enter any email they want. Keep in mind that the email field isn't always filled, even if the user accepted the permission.

andyrandy answered Sep 28 '22 01:09
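The check described in the question and the fallback suggested in this answer, as an added example (not code from the original posts or from Facebook): it reads a `/me/permissions` response, sets `auth_type: 'rerequest'` only when a required permission was declined, and falls back to asking for an address when the profile carries no email. The function names, return values and sample responses are assumptions constructed for illustration.

```javascript
// Added example. Runs offline in Node; the responses are constructed
// samples in the shape the Graph API uses for /me/permissions and /me.
const REQUIRED = ['email']; // assumption: permissions this site requires

const SAMPLE_DECLINED = { data: [
  { permission: 'public_profile', status: 'granted' },
  { permission: 'email', status: 'declined' },
] };
const SAMPLE_GRANTED = { data: [
  { permission: 'public_profile', status: 'granted' },
  { permission: 'email', status: 'granted' },
] };

// Required permissions the user explicitly declined.
function declinedPermissions(permissionsResponse, required = REQUIRED) {
  const rows = (permissionsResponse && permissionsResponse.data) || [];
  const declined = new Set(
    rows.filter((r) => r.status === 'declined').map((r) => r.permission)
  );
  return required.filter((p) => declined.has(p));
}

// Options for the next FB.login(callback, options) call. auth_type is set
// only when a required permission was declined; a missing response
// (user not logged in yet) yields the normal flow.
function loginOptions(permissionsResponse, required = REQUIRED) {
  const options = { scope: required.join(',') };
  if (declinedPermissions(permissionsResponse, required).length > 0) {
    options.auth_type = 'rerequest';
  }
  return options;
}

// What to do after a login: 'continue' only when a usable email came back.
// Otherwise ask for an address in a form, since the email field can be
// absent even when the permission was granted.
function nextStep(permissionsResponse, profile) {
  if (declinedPermissions(permissionsResponse).length > 0) return 'ask-email';
  const email = profile && typeof profile.email === 'string'
    ? profile.email.trim() : '';
  return email ? 'continue' : 'ask-email';
}

console.log(loginOptions(SAMPLE_DECLINED));
console.log(nextStep(SAMPLE_GRANTED, { id: '1', name: 'Sample User' }));
```

In the browser, the object returned by `loginOptions` is what would be passed as the second argument to `FB.login`.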


Are you using the Facebook login button? It works for me for re-asking for a declined permission.

Just add auth_type="rerequest" to the button.

<fb:login-button scope="email,user_birthday,public_profile" auth_type="rerequest" onlogin="checkLoginState();"></fb:login-button>

Hope that can help you.

New Hand answered Sep 28 '22 01:09