facebook oauth can't logout user who doesn't accept permissions

Question

I have a facebook application that runs in a kiosk at my restaurant, it allows users to check-in. That works great, if they log in and accept the permissions needed, it then lets them logout when they are done without the slightest problem.

If however they don't accept the permissions no method of logging them out will work. I have tried everything I can think of and every post I could find on stackoverflow.

How can I log the customer out if auth doesn't have the permission from the user?

I have reported this to facebook using the bug report, they have stated that they are looking into it. Just hope one of the geniuses on here had an idea.

Answer 1

You should use the permissions connection in the graph api to determine if user has given certain perms needed. if they have not you can use the same as a condition to render a login button or flow with out the scope added.

example coming: includes, current php sdk, and current js sdk with login button html5.

*in the example i am using manage_pages as the permission needed.*

PHP SDK 3.2.2 init.

 require '../../src/facebook.php';
 $facebook = new Facebook(array(
   'appId'  => '1111111111111111',
   'secret' => 'xxxxxxxxxxxxxxxx',
   'cookie' => true, // enable optional cookie support
   ));
try { $user = $facebook->getUser(); } catch (FacebookApiException $e) {  };

PHP code:

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_accounts = $facebook->api('/me/?fields=permissions');
  } catch (FacebookApiException $e) {
   error_log($e);
   $user = null;
  }
}

---

PHP conditions and HTML5 login button

        <div id="fb-root"></div>
        <script>// current js sdk</script>
<?php if($user && !$user_accounts[permissions][data][0][manage_pages]): ?>
// we know we have a user but no perms so lets render button with out scope.
    <div class="fb-login-button" data-autologoutlink="true" data-show-faces="false" data-width="200" data-max-rows="1" data-size="large"></div>
<?php elseif($user && $user_accounts[permissions][data][0][manage_pages]): ?>
// we know we have a user and they have given perms so render button with scope.
    <div class="fb-login-button" data-autologoutlink="true" data-show-faces="false" data-width="200" data-max-rows="1" data-size="large" data-scope="manage_pages"></div>
<?php elseif(!$user): ?>
// we have no user, flow as new user... or provide 2 buttons lol.
    <div class="fb-login-button" data-autologoutlink="true" data-show-faces="false" data-width="200" data-max-rows="1" data-size="large" data-scope="manage_pages"></div>
<?php endif; ?>