Facebook asking for extended permissions (but should not)

Question

I'm developing an app that enables the users to create an account and log in. So I'm using omniauth and everything works like a charm. The only thing that bugs me is Facebook's authorization (and sign in) dialog which keeps asking the user to give my app the permission access their data at all time. The full message is this:

To enhance your experience, [App name] would also like permission to:

Access your data any time [App name] may access your data when you are not using the application

That sounds creepy and it is unnecessary to the scope of my app.

The "Extended Permissions" field in my auth dialog settings is empty and the dialog preview seems fine. But when I go through a sign up the above request shows up.

Does anybody know how I can turn this behaviour off?

Answer 1

My Omniauth initializer looked like this:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter,  'ABC', 'DEF'
  provider :facebook, 'UVW', 'XYZ'
end

And I assumed this would result in a simple request for the basic user information.

After some research I found this tutorial: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

So I tried this and it worked like a charm:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter,  'ABC', 'DEF'
  provider :facebook, 'UVW', 'XYZ', {:scope => 'email'}
end

No more creepy "I want your data - always, even when you sleep" requests.

Answer 2

Sounds like you're app is requesting the offline permission. Hope this helps you to nail down where the problem might be.