Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OAuthWebSecurity Facebook ominous message: app "would like to access your public profile, friend list and email address"

Using the asp.net-mvc4 oauth Facebook client (OAuthWebSecurity.RegisterFacebookClient) pretty much as it is in the MVC4 template internet app. Problem is, when users log in with their account they see the message:

"would like to access your public profile, friend list and email address"

The thing is, I don't want access to their public profile, friend list and email address. I just want to allow them to log into my app using their Facebook account. I can see that this message would turn people away (I personally wouldn't click 'okay').

Ideally, I would like to specify the level of permission required in my MVC app where the mimimum level does not result in that message. This would allow increased privilege at a later stage if needed. But, I would settle for any way that I can get a less ominous message.

I have looked at the settings in the Facebook app management page, but can't see anything that would reduce the restrictions. I tried configuring the permissions to only-me, but this didn't help. I searched online and did not find anything that suggested a solution to this.

Any help would be great.

Edit:

Also, I am not sure why 'public profile' is mentioned in the message at all. Can't anyone access your public profile (since it is public)? So why mention it in the message? Or does the word 'access' mean more than simply being able to see the public profile?

like image 335
acarlon Avatar asked Jun 09 '13 03:06

acarlon


1 Answers

Those are the very basic permissions that a user grants you by just logging in to your app - has always been that way, FB have just updated the message shown to the user to make it more clear what they actually share.

You can not ask for "less" permissions.

like image 158
CBroe Avatar answered Oct 20 '22 06:10

CBroe