Rjak

Reputation: 2187

Facebook's app permission message is vague and unhelpful

When I attempt to sign in to my site with my Facebook account, I receive a warning which is inaccurate:

Submit for Login Review
Some of the permissions below have not been approved for use by Facebook.

The permissions they refer to are listed below this message:

****** will receive the following info: your public profile, email address,
birthday, website and personal description.

The latter permissions do not map to the permissions in the Facebook App permissions list which you must be approved for:

I cannot for the life of me find out which permissions I should request approval for. All I want to do is use Facebook as a sign-in mechanism for our website ... that's it. My understanding is that this requires no approval at all, but clearly it does, otherwise I would not have received the "Submit for Login Review" message.

Upvotes: 22

Views: 20488

Answers (3)

Narasimha Nallamsetty

Reputation: 1263

For me this worked.

Go to your app in Facebook. Then go to App Review -> Permissions and Features. Then click on Get Advanced permission.

Upvotes: 3

HappyCoder

Reputation: 6155

When calling the FB API you have the option to set a thing called "scope". Here is an example of how this may look:

'Facebook' => array(
    "enabled" => true,
    "keys" => array(
        "id" => "762xxxxxxxxxxxxx",
        "secret" => "b1831068a1xxxxxxxxxxxxxx"
    ),
    "scope" => "email, user_about_me, user_birthday, user_hometown, manage_notifications , read_insights, publish_actions, read_friendlists, manage_pages"
),

If you are requesting more than:

  • public_profile
  • user_friends
  • email

You will need to have your app verified.

The solution to your problem is to limit the scope of information you want access to, so this would resolve your problem:

'Facebook' => array(
    "enabled" => true,
    "keys" => array(
        "id" => "762xxxxxxxxxxxxx",
        "secret" => "b1831068a1xxxxxxxxxxxxxx"
    ),
    "scope" => "email, public_profile, user_friends"
),

Upvotes: 3

Igy

Reputation: 43816

I'm not sure which documentation you're looking at, but for API versions 2.0 or higher, the only permissions you can request from end-users without submitting your use of them to Facebook for review are:

  • public_profile
  • user_friends
  • email

If you have any permissions in the scope parameter of the OAuth/Login dialog other than the three listed above, users who aren't admins/developers/testers of the app won't be prompted to grant them (until you have them approved).

The list you can request without approval is mentioned in the following documentation:

https://developers.facebook.com/docs/apps/review/login

https://developers.facebook.com/docs/facebook-login/permissions/v2.1#categories

Upvotes: 22
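
An added example (not from any of the answers above, and not Facebook's or the config library's own code): a PHP check that audits a provider config's "scope" string against the three no-review permissions that both HappyCoder's and Igy's answers list, and trims it to those. The function names, the placeholder keys and the sample config are assumptions constructed for illustration.

```php
<?php
// Added example. Permissions the answers above list as requestable without
// Login Review (API v2.0 or higher).
const NO_REVIEW_SCOPES = ['public_profile', 'user_friends', 'email'];

/**
 * Split a comma-separated scope string (as in the "scope" config key) into
 * permissions that need no review and permissions that need Login Review.
 * Function name is hypothetical.
 */
function auditScope(string $scope): array
{
    // Tolerate stray whitespace around commas, empty items and duplicates.
    $requested = array_unique(array_filter(array_map('trim', explode(',', $scope)), 'strlen'));

    return [
        'no_review'    => array_values(array_intersect($requested, NO_REVIEW_SCOPES)),
        'needs_review' => array_values(array_diff($requested, NO_REVIEW_SCOPES)),
    ];
}

/** Return a copy of a provider config whose scope keeps only no-review permissions. */
function minimiseScope(array $provider): array
{
    $audit = auditScope($provider['scope'] ?? '');
    $provider['scope'] = implode(', ', $audit['no_review']);
    return $provider;
}

// Constructed sample input, modelled on the first config in the answer above.
$facebook = [
    'enabled' => true,
    'keys'    => ['id' => 'APP_ID_PLACEHOLDER', 'secret' => 'APP_SECRET_PLACEHOLDER'],
    'scope'   => 'email, user_about_me, user_birthday, manage_notifications , publish_actions',
];

$audit = auditScope($facebook['scope']);
if ($audit['needs_review']) {
    // Surface over-broad scopes in a build or deployment check instead of at login time.
    fwrite(STDERR, 'Scopes needing Login Review: ' . implode(', ', $audit['needs_review']) . PHP_EOL);
}
echo 'Scope without review: ' . minimiseScope($facebook)['scope'] . PHP_EOL;
```

Run from the command line, the sample config reports four scopes needing review and leaves only `email` in the trimmed scope.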
