Publish_actions requested in Facebook Authentication Dialog even when it is not specified

Take a look at this if you are going to implement Open-Graph actions in your existing Facebook apps.

I get a Facebook application that requests only birthday and email permission from the user.  Recently, I planned to added the “Read” Open-Graph action to it.  However, to avoid any impact to the existing users, I want this feature to be available to new users only.  In other words, I need to control whether to request for the “publish_actions” permission on using my own application logic. However, based on what I have tested, I cannot control this.

Right after I specify in my Facebook App Settings that it will use the “Read” action, the authorization dialog that I see when kicking off the authentication flow (by redirecting the user to following URL) will request for the publish_actions permission

  • https://www.facebook.com/dialog/oauth?client_id={my_appID}&redirect_uri={my_app_URL}&state=aeb8b1442149da0eb3ead76a4a33f66e&scope=user_birthday%2Cemail

As seen in the “scope” param, I only request for user_birthday and email, but I see the publish_actions is also requested in the dialog.

A bug report had been opened for this.  It is located here https://developers.facebook.com/bugs/462322807113376?browse=search_4fe182369e7a16a79585813.

 

This entry was posted in Authentication and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *