Reputation: 21
Do we not always need to obtain 'read_stream' permissions?
When working with my app, or with the Graph API Explorer, I have learned that I can access some information about anybody. Take for example,
https://graph.facebook.com/btaylor.
This includes the topics 'feed' and 'posts', which need 'read_stream' permission. I can get the information, even though he has not extended such permission to my app that I know of. My question is, do 'read_stream' topics have an undocumented peculiar status that does not require permissions?
Upvotes: 0
Views: 4513
Answers (1)
Reputation: 2123
I'll answer your two questions separately.
First, read_stream permissions is not inconsistent. You will need an access token to read someone's stream, no exceptions. The inconsistency you're observing probably lies in the presence of the access token within the URL. For instance
https://graph.facebook.com/btaylor should not provide you with anything more than basic details because the URL does not contain an access token.
https://graph.facebook.com/btaylor?access_token=AAAAAAITEghMBAMFnukHXAQgLGCfnptZAkF41gIDFt7ycPYkRpGic5MoHkpB6CZCaT21PPyQDOjYo7Tn4mGFH7CyNW06kgrZAWbeTVt9YwZDZD will show you additional details because it does contain the access token. However, realize that the access token will expire at some point, so the above link might not work. This link with the proper access token can be found here: http://developers.facebook.com/docs/reference/api/#auth
When looking at btaylor's posts, https://graph.facebook.com/btaylor/posts will tell you you need an access token but https://graph.facebook.com/btaylor/posts?access_token=AAAAAAITEghMBAMFnukHXAQgLGCfnptZAkF41gIDFt7ycPYkRpGic5MoHkpB6CZCaT21PPyQDOjYo7Tn4mGFH7CyNW06kgrZAWbeTVt9YwZDZD will show you all the posts.
It's possible that the Graph API Explorer is caching the access token and sending it with your request without your knowledge, but this doesn't seem to be the case for me. Are you sure the access token is not present within the "Access Token" field?
Second, the reason that you can see data publicly on someone's Facebook profile is because of their Facebook privacy settings. Facebook privacy settings do not correlate at all to the permissions requested and given via the Graph API. You could have everything public on your Facebook profile but none of it (besides the basic information) will be available via the API. A user has to explicitly allow your application access to their information when using the API. As to "why" this is the case, it's probably due to privacy and spam. If everyone in the world had API access to all information a person provided publicly, there would probably be a whole lot more spam only allowing that information to be viewed on facebook.com.
Upvotes: 2
Related Questions
- Having permission for read_stream, manage_notifications, publish_actions
- Facebook Graph API read_stream permission actually blocked for non-Facebook branded apps?
- Info facebook read_stream permission
- Facebook read_stream permission submission
- Facebook read stream permission issue
- Difference between read_stream and user_posts permissions in v2.2
- Can I use read_stream permission if my App can be accessed from Facebook and as website?
- facebook sdk: permission "read_stream"
- What is the permission required to access friends' stream/links?
- Do I need "offline_access" permission if I request publish_stream?