My App is asking too much permission

StackOverflow https://stackoverflow.com/questions/16724943

Question

I'm completely new to working with FB Apps and this may be a terribly stupid question but I've been unable to figure it out.

I've set my app to ask for a user's e-mail on the Permissions page, but it is asking for a whole lot more. It wants "your public profile, friend list, email address, birthday, hometown, website and personal description." I don't think I need all of this, although I am using a third party plugin for Wordpress (Wordpress Social Login) to handle this.

Am I missing something on the Facebook end or should I look for the source of this in my Wordpress plugin?

Was it helpful?

Solution

Look in your wordpress plugin: the permissions are embedded in the javascript call to FB.login.

EDIT: they do it in PHP. The file you're looking for is hybridauth/Hybrid/Providers/Facebook.php. You'll notice at the top of that file there is a line that looks like this:

public $scope = "email, user_about_me, user_birthday, user_hometown, user_website, read_stream, offline_access, publish_stream, read_friendlists";

Those are the scopes. Edit that and you should be good to go.

NOTE: change those and you might break something else, so good luck with that one.

OTHER TIPS

The permissions are set in the WordPress Social Login plugin. You can change it, but the change will go lost with the next plugin update. For version 2.2.2 the following works:

in /wp-content/plugins/wordpress-social-login/includes/services/wsl.authentication.php around line 180, find:

// set default scope and display mode for facebook
if( strtolower( $provider ) == "facebook" ){
    $config["providers"][$provider]["scope"] = "email, user_about_me, user_birthday, user_hometown, user_website"; 
    $config["providers"][$provider]["display"] = "popup";
    $config["providers"][$provider]["trustForwarded"] = true;

and erase ", user_about_me, user_birthday, user_hometown, user_website".

I didn't test this, but if you enabled import of contacts, you may want to look a bit further; around line 200, find:

// if contacts import enabled for facebook, we request an extra permission 'read_friendlists'
# https://developers.google.com/+/domains/authentication/scopes
if( get_option( 'wsl_settings_contacts_import_facebook' ) == 1 && strtolower( $provider ) == "facebook" ){
    $config["providers"][$provider]["scope"] = "email, user_about_me, user_birthday, user_hometown, user_website, read_friendlists";
}

and erase "user_about_me, user_birthday, user_hometown, user_website, "

The is a hook for that shown on this page https://wordpress.org/support/topic/wordpress-social-login-cantt-work-invalid-scope-user_friends/

function wsl_change_default_permissons( $provider_scope, $provider )
{
if( ‘facebook’ == strtolower( $provider ) )
{
$provider_scope = ’email, public_profile’;

}

return $provider_scope;
}

add_filter( ‘wsl_hook_alter_provider_scope’, ‘wsl_change_default_permissons’, 10, 2 );
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top