Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Facebook's app permission message is vague and unhelpful

Tags:

permissions

facebook

login

When I attempt to sign in to my site with my Facebook account, I receive a warning which is inaccurate:

Submit for Login Review
Some of the permissions below have not been approved for use by Facebook.

The permissions they refer to are listed below this message:

****** will receive the following info: your public profile, email address,
birthday, website and personal description.

The latter permissions do not map to the permissions in the Facebook App permissions list which you must be approved for:

  • manage_notifications
  • read_insights
  • publish_actions
  • read_friendlists
  • manage_pages

I cannot for the life of me find out which permissions I should request approval for. All I want to do is use Facebook as a signin mechanism for our website ... that's it. My understanding is that this requires no approval at all, but clearly it does, otherwise I would not have received the "Submit for Login Review" message.

like image 873
Rjak Avatar asked Sep 10 '14 20:09

Rjak

People also ask

How do I grant an app permission on Facebook?

Tap in the top right of Facebook. Scroll down and tap Settings. Go to the Permissions section and tap Apps and Websites. Go to Apps, Websites and Games and tap Edit.

What permissions does Facebook need?

Facebook Login allows a person to grant only a subset of permissions that you ask for to your app, except for public profile, which is always required.

How long does facebook app review take?

It typically takes us less than one week to process your submission, and often takes only 2 to 3 days, but may take longer during peak periods.

2 Answers

I'm not sure which documentation you're looking at, but for API versions 2.0 or higher, the only permissions you can request from end-users without submitting your use of them to Facebook for review are:

  • public_profile
  • user_friends
  • email

If you have any permissions in the scope parameter of the Oauth/Login dialog other than the three listed above, users who aren't admins/developers/testers of the app won't be prompted to grant them (until you have them approved)

The list you can request without approval is mentioned in the following documentation:

https://developers.facebook.com/docs/apps/review/login

https://developers.facebook.com/docs/facebook-login/permissions/v2.1#categories

like image 59
Igy Avatar answered Oct 11 '22 14:10

Igy

When calling the FB api you have the option to set a thing called "scope". Here is an example of how this may look:

'Facebook' => array ( 
                                    "enabled" => true,
                                    "keys" =>
                                        array (
                                            "id" => "762xxxxxxxxxxxxx",
                                            "secret" => "b1831068a1xxxxxxxxxxxxxx"
                                        ),
                                    "scope" => "email, user_about_me, user_birthday, user_hometown, manage_notifications , read_insights, publish_actions, read_friendlists, manage_pages"
            ),

If you are requesting more than: 

public_profile
user_friends
email

You will need to have your app verified.

The solution to your problem is to limit the scope of information you want access to, so this would resolve your problem:

'Facebook' => array ( 
                                    "enabled" => true,
                                    "keys" =>
                                        array (
                                            "id" => "762xxxxxxxxxxxxx",
                                            "secret" => "b1831068a1xxxxxxxxxxxxxx"
                                        ),
                                    "scope" => "email, public_profile, user_friends"
            ),
like image 32
HappyCoder Avatar answered Oct 11 '22 12:10

HappyCoder
Sign in to Comment

Related questions

Rails 3.2.17 Runtime Error Redirection Forbidden facebook
How to get the bigger profile picture of a facebook page
How to use both google+ and facebook login in same appdelegate.swift
Serve resources from a consistent URL: facebook vs Google Pagespeed
How can I retrieve the new timeline data from the API?
Android - Facebook share content gets overwritten
Facebook OAuthException code 190 subcode 490 - user is enrolled in a blocking, logged-in checkpoint
Facebook-connect or OpenID? From a developer's perspective
Provide secure Facebook authentication with my Server
ActivityNotFoundException when using Facebook plugin with Unity
Update Facebook App Permissions [closed]
Integrating Facebook Authentication with existing ASP.NET Membership
Add like button to Facebook page - what's the appid?
Facebook iOS SDK vs Social framework
FBSDKShareLinkContent is not setting the contentDescription and contentTitle
Automatically embed newest Facebook posts on my website
Facebook Graph API Returning Empty Data Set
Android Facebook lock screen notification
Switching from HTTP to HTTPS, lost all Facebook “Likes” count
Get nice, dark UIToolbar blur as in Facebook iOS 7 app

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!