Extended permissions using Registration Plugin
https://stackoverflow.com/questions/13046253
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Ideally, I'd like to use the FB registration plugin, but end up with some additional permissions beyond the basic ones. This is, I know, an old question that has been answered a number of times (e.g. here and here and here.
The answer is always the same: you can't do it, if you need additional permissions you have to ask for them as a subsequent step (which isn't a particularly friendly user experience!) That would be fine, but for one thing: it's clearly not true (at least not entirely).
Sign up for Spotify using Facebook, and you will see that they are using the FB Registration Plugin to power it. After I click "Register", my sign up is complete (no subsequent approval steps). This is with a brand new, virgin FB account. I then go and look at the permissions granted to Spotify within the FB App settings for my account, and I find that it has offline_access permissions. WTF? I never explicitly granted that permission, and according to the FB docs there's no way to make this happen using the Registration plugin. And yet Spotify has managed it? Now I know that offline_access is going away, but I figure that if they can acquire this permission, perhaps there's some generic way of doing this. Can anyone explain this? Have Spotify been given some magic backdoor or is there something I'm missing?
Solution
As noted, in the comment, it is true, some partners and applications have special privileges which are set automatically, for example whitelisted offline access.
With the new login dialog, the permission granting experience should be different. https://developers.facebook.com/docs/facebook-login/overview/#logindialog
