Question

First let me introduce the problem. I have a site where I want to allow users to log in using their Facebook account. I also want to be able to post on the user's wall and access his email. I created a Facebook app, and every time a user who is not logged in comes to the login page, he clicks the Facebook button and gets to the app's auth dialog, where he must allow access to his email and, on the next screen, allow posting on his wall. The user reaches this dialog through a link which contains scope=email, publish_stream.

First question: When the user clicks "do not allow" for posting on the wall, the next time he uses this link he must do that again. Shouldn't Facebook remember this? I thought that I should not give the scope in the link and instead use the application settings, where on the permissions page I choose extended permissions. But these permissions are never asked for, even when I enable referrals.

Second question: Is using a FB application for this right? Should I not use fblogin?

Thank you.

Solution

> When user clicks do not allow to post on wall, next time he uses this link he must again do that. Shouldn't Facebook remember this?

No – because then there would be no way to ask a user for an extended permission once they’ve declined it.

Of course it might be annoying to the user to see that dialog asking for posting permission every time again when he just wants to login to your page.

That’s why Facebook themselves advise you to only ask for permissions you actually need for the current task. To provide the ability to log in to your site, you only need basic data and maybe email – so only ask for that, when the user is just logging in.

And then, when you come to the point where the user actively wants to share content through your app – then check if you got the necessary permission already, and ask them for it if it’s not present (by calling the auth dialog again, this time with the extended permission set in the scope parameter).

That way, it’s clear to the user why he gets asked for that permission at this point, and he doesn’t get hassled about it time and time again if he just only tries to log in.

> I thought that I should not give the scope in link and use application setting where on permissions page I choose extended permissions. But these permissions are never asked for. Even when I enable referrals.

For these settings to have any effect, the connection to your app must happen in a way that actually triggers Authenticated Referrals. Doing the login by yourself in your app logic does not trigger this way of authentication.
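
The flow described in the answer above, as an added example that is not part of the original answer: request only `email` at login, and when the user wants to share, check what has been granted and send them to the auth dialog only for what is missing. The app ID, redirect URI, `state` values and sample responses are constructed placeholders; the use of the Graph API `/me/permissions` endpoint, its two response shapes and the `state` parameter are assumptions not taken from the page.

```javascript
// Added example, not code from the original post.
const DIALOG_URL = 'https://www.facebook.com/dialog/oauth';
const LOGIN_SCOPE = ['email'];           // all that logging in requires
const SHARE_SCOPE = ['publish_stream'];  // only needed once the user shares

// Turn a /me/permissions response body into a Set of granted permission names.
// Assumed shapes: older {data:[{email:1,...}]} and
// newer {data:[{permission:'email',status:'granted'},...]}.
function grantedPermissions(response) {
  const granted = new Set();
  for (const entry of (response && response.data) || []) {
    if (typeof entry.permission === 'string') {
      if (entry.status === 'granted') granted.add(entry.permission);
    } else {
      for (const [name, value] of Object.entries(entry)) {
        if (value === 1) granted.add(name);
      }
    }
  }
  return granted;
}

// Build the auth dialog link for exactly the given scope.
// `state` is an unguessable per-session value the caller stores and later
// compares on the redirect, so a forged callback is rejected.
function authDialogUrl(appId, redirectUri, scope, state) {
  const params = new URLSearchParams({
    client_id: appId,
    redirect_uri: redirectUri,
    scope: scope.join(','),
    state,
  });
  return `${DIALOG_URL}?${params}`;
}

// Returns null when every needed permission is already granted, otherwise
// the dialog URL asking only for the missing ones.
function urlToRequestMissing(response, needed, appId, redirectUri, state) {
  const granted = grantedPermissions(response);
  const missing = needed.filter((p) => !granted.has(p));
  return missing.length ? authDialogUrl(appId, redirectUri, missing, state) : null;
}

// Constructed sample: the user logged in with email only, then clicks "share".
const sample = { data: [{ installed: 1, email: 1 }] };
const APP_ID = '000000000000000';                  // placeholder
const CALLBACK = 'https://example.com/fb/callback'; // placeholder
console.log(urlToRequestMissing(sample, LOGIN_SCOPE, APP_ID, CALLBACK, 'state-login'));
console.log(urlToRequestMissing(sample, SHARE_SCOPE, APP_ID, CALLBACK, 'state-share'));
```
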

Licensed under: CC-BY-SA with attribution