how to set extended permission required?

Question

I found the article very nice to introduction set extended permission required

(https://developers.facebook.com/docs/beta/authentication/#referrals)

but I go to Auth Dialog setting, the field required permission replaced users & friend permission. I can't see field required permission. please help me. thanks

Answer 1

I don't think you can require extended permissions through that dialog, or by using the SDK as suggested above.

In previous versions of the PHP SDK the oauth dialog would return an error if the user did not approve all requested permissions -- this is no longer the case. As long as the user approves the basic permissions, any of the requested extended permissions can be unselected and the user is redirected without a warning or error. I hope that I'm wrong, but from reading the documentation and my own testing, I don't think I am.

From the same page of the documentation that you reference: https://developers.facebook.com/docs/beta/authentication/

"The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen. User and friends permissions are non-revocable, while extended permissions can be revoked by clicking on the "X" next to each permission on the second dialog screen. Your app must be ready to handle each scenario (permissions granted, and revoked) properly."

IOW, if your app requires a specific permission your code must ensure that the user grants it.

Answer 2

You can set extended permissions required via your call to the show the login/authorize screen.

For Javascript SDK, it's the second parameter of FB.login(callback,scope).

For the Login social plugin it's the scope attribute.

For PHP SDK it will be

$params = array(
  scope => 'read_stream, friends_likes',
  redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);

Per http://developers.facebook.com/docs/reference/api/permissions/ the extended permissions are:

read_friendlists    Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights   Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox    Provides the ability to read from a user's Facebook Inbox.
read_requests   Provides read access to the user's friend requests
read_stream     Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed
xmpp_login  Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management  Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event    Enables your application to create and modify events on the user's behalf
manage_friendlists  Enables your app to create and edit the user's friend lists.
manage_notifications    Enables your app to read notifications and mark them as read. This permission will be required to all access to notifications after October 22, 2011.
offline_access  Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
publish_checkins    Enables your app to perform checkins on behalf of the user.
publish_stream  Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
rsvp_event  Enables your application to RSVP to events on the user's behalf
sms     Enables your application to send messages to the user and respond to messages from the user via text message
publish_actions     Enables your application to publish user scores and achievements.