Facebook Apps Authentication and Authorization Process

Authentication and authorization plays an important part in Facebook Apps development. Because it gives your apps the ability to know the identity of a Facebook user, and to read and write data via Facebook’s APIs. In other words,  the user must authorize your app in order to gain access to all the user information available to your app.

Facebook uses the OAuth 2.0 protocol for the authentication and authorization process. Facebook recommend developers using the OAuth Dialog for Apps on Facebook.com, using the following link:

https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE

The above link simply invoke a dialog by redirecting the user’s browser to the above URL.

Note:
Replacing the YOUR_APP_ID and YOUR_CANVAS_PAGE with the correct values found in the Developer App.

The OAuth Dialog for the authentication and authorization will be shown as below:

By default, the user is asked to authorize the app to access basic information that is available publicly or by default on Facebook.

If your app needs more than the basic information to function, you must request specific permissions from the user. This can be accomplished by adding a scope parameter to the OAuth Dialog request followed by comma separated list of the required permissions.

https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID
 &redirect_uri=YOUR_CANVAS_PAGE&scope=public_actions

The above  example shows how to ask the app able to posting to a friend’s feed and posting questions.

Apps Additional Permission Through Auth Dialog Settings

Facebook developers used to use the above link to request specific permissions from the user. However this is much easier now to do it in the Facebook Apps Center.

1. Access the Auth Dialog sub-menu under the Settings menu.

2. Check for “Configure how Facebook refers users to your app” section on the right.

3. Enter the required User & Friend Permissions or/and Extended Permissions as shown in the diagram below. The example below ask the user for Extended Permission of public_stream so that the apps can posting to friend’s feed and posting questions.

The Permissions Reference can be found on Facebook developer documentation.

http://developers.facebook.com/docs/authentication/permissions/

4. When a user access the Facebook Apps for the first time, he/she will be asked for permission to access the basic information.

The user must allow the Apps to access his/her basic information in order to go to the App.

5. If the user accept and click on the Go to App button, the Extended Permission Auth Dialog will appear on the second page.

Note:
The Extended Permission is optional. User has the option to Allow or Skip this permission. Moreover if there are more than one extra permission, user can select which one not to allow by clicking on the corresponding “x” close button.

Apps Additional Permission Through Parameters

The extended permission can also be set in the parameters during the authentication process, for example:

// Get the app User ID
$user = $facebook->getUser();

if (!$user) {
// Authentication is required before accessing the FB App
$loginUrl = $facebook->getLoginUrl(array(
‘scope’ => ‘read_stream’,
redirect_uri’ => $redirectURL
));

}

The authentication process is same as the Auth Dialog above. The user will be asked for permission to access the basic information first. Then has the option to Allow or Skip the extended permission.

In summary:

  • When a user authenticates your application, by default, your app gets the ability to read only the user’s basic information. The user’s basic information includes certain properties of the User object such as id, name, picture, gender, and their locale.
  • If you want to read additional data or publish data back to Facebook, you need to request additional permissions.
  • Additional permissions include two categories – User and Friends Permissions, and Extended Permissions.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>