Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Facebook's app permission message is vague and unhelpful

When I attempt to sign in to my site with my Facebook account, I receive a warning which is inaccurate:

Submit for Login Review
Some of the permissions below have not been approved for use by Facebook.

The permissions they refer to are listed below this message:

****** will receive the following info: your public profile, email address,
birthday, website and personal description.

The latter permissions do not map to the permissions in the Facebook App permissions list which you must be approved for:

  • manage_notifications
  • read_insights
  • publish_actions
  • read_friendlists
  • manage_pages

I cannot for the life of me find out which permissions I should request approval for. All I want to do is use Facebook as a signin mechanism for our website ... that's it. My understanding is that this requires no approval at all, but clearly it does, otherwise I would not have received the "Submit for Login Review" message.

like image 873
Rjak Avatar asked Sep 10 '14 20:09

Rjak


People also ask

How do I grant an app permission on Facebook?

Tap in the top right of Facebook. Scroll down and tap Settings. Go to the Permissions section and tap Apps and Websites. Go to Apps, Websites and Games and tap Edit.

What permissions does Facebook need?

Facebook Login allows a person to grant only a subset of permissions that you ask for to your app, except for public profile, which is always required.

How long does facebook app review take?

It typically takes us less than one week to process your submission, and often takes only 2 to 3 days, but may take longer during peak periods.


2 Answers

I'm not sure which documentation you're looking at, but for API versions 2.0 or higher, the only permissions you can request from end-users without submitting your use of them to Facebook for review are:

  • public_profile
  • user_friends
  • email

If you have any permissions in the scope parameter of the Oauth/Login dialog other than the three listed above, users who aren't admins/developers/testers of the app won't be prompted to grant them (until you have them approved)

The list you can request without approval is mentioned in the following documentation:

https://developers.facebook.com/docs/apps/review/login

https://developers.facebook.com/docs/facebook-login/permissions/v2.1#categories

like image 59
Igy Avatar answered Oct 11 '22 14:10

Igy


When calling the FB api you have the option to set a thing called "scope". Here is an example of how this may look:

'Facebook' => array ( 
                                    "enabled" => true,
                                    "keys" =>
                                        array (
                                            "id" => "762xxxxxxxxxxxxx",
                                            "secret" => "b1831068a1xxxxxxxxxxxxxx"
                                        ),
                                    "scope" => "email, user_about_me, user_birthday, user_hometown, manage_notifications , read_insights, publish_actions, read_friendlists, manage_pages"
            ),

If you are requesting more than:

public_profile
user_friends
email

You will need to have your app verified.

The solution to your problem is to limit the scope of information you want access to, so this would resolve your problem:

'Facebook' => array ( 
                                    "enabled" => true,
                                    "keys" =>
                                        array (
                                            "id" => "762xxxxxxxxxxxxx",
                                            "secret" => "b1831068a1xxxxxxxxxxxxxx"
                                        ),
                                    "scope" => "email, public_profile, user_friends"
            ),
like image 32
HappyCoder Avatar answered Oct 11 '22 12:10

HappyCoder