When skipping Facebook authentication, shouldn't I get back an appropriate value to indicate the users decision?

Question

In my app, I have the following code:

$loginUrl = $facebook->getLoginUrl( array( 'scope' => 'publish_stream' ) );
header("Location: ".$loginUrl);

which takes the user to facebook and asks them:

'[oshirowanens app] would also like permission to:
Post on your behalf
This app may post on your behalf, including status updates, photos and more.
Allow - Skip

If I click Skip, I am redirected back to my app, where I would expect to see the following url parameteres error, error_reason, and error_description similar to what happens when I user fails to login into their facebook account?

(optional) The URL to redirect the user to once the login/authorization process is complete. The user will be redirected to the URL on both login success and failure, so you must check the error parameters in the URL as described in the authentication documentation. If this property is not specified, the user will be redirected to the current URL (i.e. the URL of the page where this method was called, typically the current URL in the user's browser).

Source: https://developers.facebook.com/docs/reference/php/facebook-getLoginUrl/

Does something like that exist for skipping a permissions authentication request like the publish_stream?

Answer 1

Actually if you see the login process from FB it will be two step process.

First you will be asked to login with your FB account, on the same page you can see the list of 'Basic permissions' the app is seeking from the user.

After this step, you will see another dialog with set of permissions which are called as Extended permissions with 'Accept' & 'Skip'. The extended permissions are the permissions which user can decide upon skipping and even after skipping the user will be able to access the application.

So when a user skips an extended permission, FB doesn't treat this as an error and thus doesn't return anything back to the application.

Still if you feel that the permission you are asking is important to your application, you can ask them when you are about to do an operation related to that permission. In your case, when you are about to post on user's wall , you can ask that permission and then perform the action.

See here on how you can handle the missing permission .

Also you can visit the FB guidelines on best practices when it comes to asking permissions.

Answer 2

I don't think you can get the error.

You may want to check the granted permissions by calling /me/permissions.

https://graph.facebook.com/me/permissions?access_token=OAUTH_ACCESS_TOKEN_HERE

That will return a json object like this:

{
  "data": [
    {
      "installed": 1, 
      "user_interests": 1
    }
  ], 
  "paging": {
    "next": "https://graph.facebook.com/SOME_USERID/permissions?limit=5000&offset=5000"
  }
}

Using the php sdk of facebook it should be something like this:

$permissions = $facebook->api("/me/permissions");
if( array_key_exists('publish_stream', $permissions['data'][0])) {
 // granted
} else {
 // skipped
}