Facebook Login Permissions

Understanding Facebook Login Permissions

Since Facebook’s F8 announcement in April 2014, changes have been made to how permissions are requested and how the data collected can be used. Facebook has implemented a review process to make sure these guidelines are being followed. To help you better understand these changes, this guide provides the information you need to create a successful Facebook login app.

When a user logs into your website through Facebook Login, you can access some of their Facebook data, depending on which permissions you have been granted. As of Facebook API v2, the data you can access by default is limited to the user's public profile data (public_profile). In your Facebook app settings, you may also request additional permissions to access the user's email and user_friends. Any further permissions you ask for will require passing a review process, which may take 7-14 days.

For more information on permissions, permission requests and the review process, as well as the most up-to-date list of available permissions, see Permissions with Facebook Login in Facebook's documentation.

Public Profile Properties

The first time a user logs in socially, they are prompted with the initial Facebook Permissions dialog. The permissions requested at this step are considered “read” permissions and should be the permissions you require for login. Request the bare minimum to provide the best user experience and optimize conversion. The most common permissions requested from users are public_profile, email and user_friends. The user’s public profile is always required for social login and contains the following information:

  • Name
  • Profile Picture
  • Other attributes, if made public by the user (e.g., age range, gender)

Keep in mind that users have the ability to edit the permissions that they want to grant your app. Your app will have to determine what happens if the requested permissions are denied by the user. Will the user be able to continue creating an account? Or will they be denied social login access?
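
One way to make that decision in code, as an added example that is not Gigya or Facebook code. It assumes the response shape of the Graph API /me/permissions edge, in which each entry carries a permission name and a status; the policy object, the function names and the sample response are constructed for illustration.

```javascript
// Added example, not Gigya or Facebook code. Response shape follows the Graph API
// /me/permissions edge: { data: [{ permission, status }] }. The policy object and
// function names are assumptions made for this sketch.
const LOGIN_POLICY = {
  required: ['public_profile'],        // always needed for social login
  optional: ['email', 'user_friends'], // login continues without these
};

// Turn the /me/permissions payload into a map: permission -> status.
function indexPermissions(response) {
  const statusByName = new Map();
  const rows = response && Array.isArray(response.data) ? response.data : [];
  for (const row of rows) {
    if (row && typeof row.permission === 'string') {
      statusByName.set(row.permission, row.status);
    }
  }
  return statusByName;
}

// Decide what the site does with the grants the user actually gave.
function evaluateGrants(requested, response, policy = LOGIN_POLICY) {
  const status = indexPermissions(response);
  const isGranted = (p) => status.get(p) === 'granted';
  const missingRequired = policy.required.filter((p) => !isGranted(p));
  return {
    allowLogin: missingRequired.length === 0,
    missingRequired,
    granted: requested.filter(isGranted),
    // Declined optional scopes: ask again later, in context, not on every login.
    reRequestLater: requested.filter((p) => !isGranted(p) && policy.optional.includes(p)),
    // Granted but never requested: unexpected, so do not read or store that data.
    unexpected: [...status.keys()].filter((p) => isGranted(p) && !requested.includes(p)),
  };
}

// Constructed sample: the user unticked user_friends in the login dialog.
const sampleResponse = {
  data: [
    { permission: 'public_profile', status: 'granted' },
    { permission: 'email', status: 'granted' },
    { permission: 'user_friends', status: 'declined' },
  ],
};

console.log(evaluateGrants(['public_profile', 'email', 'user_friends'], sampleResponse));
```

Anything that is not explicitly "granted", including a missing or malformed response, is treated as not granted, so account creation never proceeds on data the user did not agree to share.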

Extended Profile Properties

The most common extended properties that you may look into requesting from your users are user_birthday, user_likes, user_location, user_relationships, and user_relationship_details. Requesting these permissions will require your app to go through a review process (see The App Review Process below). You will need to provide a reason and/or use case for each permission you request. The reason should be in the context of improving and personalizing the user’s on-site experience.

Extended Permissions

Extended permissions give access to more sensitive information and allow the app to publish and delete data. These are called “publish” permissions (publish_actions). They allow your app to post to the user’s timeline and prompt a second permissions dialog. This extended permissions dialog causes a drop-off in the number of completed social logins, so we recommend only prompting this dialog when the user performs an action that requires these permissions.

The App Review Process

If your app requests more than the public_profile, email, and user_friends permissions, it will require a review by Facebook before it can go live and be used by your users. It usually takes about 7 business days for the review to be completed, so we recommend determining what permissions your app needs as early as possible.

You have to be properly using the data you gather from your users in order for your app to be approved. The data gathered can be used for things like improving the user’s experience and personalizing on-site interactions.

Here are a few examples of how to use this data to create a tailored user experience:

  • Likes - Showing a user running shoes because they “liked” running on Facebook.
  • Relationship Status - Suggesting promotions around Valentine’s day based on relationship status.
  • Location - Pre-populating all shipping information for products or suggesting relevant events or deals near the user’s location.

Available Permissions

There are several categories of permissions:

  • Basic permissions are available to your app automatically.
  • Extended permissions give you access to particularly sensitive data or the ability to publish information in a user's profile. The user login flow includes a separate screen where the user can agree or refuse to grant these extended permissions. To receive these permissions, your app will have to be reviewed by the Facebook team to ensure there is no misuse of data to invade the user's privacy.

 

Name | Description | Basic | Requires Review | Extended

public_profile

Provides access to the user's public profile, which includes the following properties:

  • id
  • name
  • first_name
  • last_name
  • link
  • gender
  • locale
  • timezone
  • updated_time
  • verified
  

user_friends

Provides access to the list of friends that also use your app.

In order for a user to show up in a specific user's friend list, both people must have agreed to share their list of friends with your app, and not disabled that permission during login.

  

email

Provides access to the user's primary email address.

  

user_about_me

Provides access to a user's personal description (the 'About Me' section on their Profile).

 

user_actions.books

Provides access to all common books actions published by any app the user has used. This includes books they've read, want to read, rated or quoted.

 

user_actions.fitness

Provides access to all common Open Graph fitness actions published by any app the user has used.

 

user_actions.music

Provides access to all common Open Graph music actions published by any app the user has used.

 

user_actions.news

Provides access to all common Open Graph news actions published by any app the user has used which publishes these actions.

 

user_actions.video

Provides access to all common Open Graph video actions published by any app the user has used which publishes these actions.

 

user_actions:{app_namespace}

Provides access to all of the user's custom Open Graph actions in a given app. This enables you to personalize a user's experience based on their open graph actions published by another app.

 

user_activities

Provides access to a user's list of activities as listed on their profile. This is a subset of the pages they have liked, where those pages represent particular interests.

 

user_birthday

Access the date and month of a user's birthday. Year of birth is included if the user's privacy settings allow it.

To verify a user's age rank (i.e. minor), use the age_range property included in public_profile.

 

user_education_history

Provides access to a user's education history.

 

user_events

Provides read-only access to the Events a user is hosting or has RSVP'd to.

 

user_games_activity

Provides access to read a user's game activity (scores, achievements).

 

user_groups

Enables your app to read the Groups a user is a member of. This permission does not allow you to create groups on behalf of a user.

Note: This permission is granted only to apps building a Facebook-branded client on platforms where Facebook is not already available.

 

user_hometown

Provides access to a user's hometown location.

 

user_interests

Provides access to the list of interests in a user's profile. This is a subset of the pages they have liked which represent particular interests.

 

user_likes

Provides access to the list of all Facebook Pages and Open Graph objects that a user has liked, as well as any languages the user has specified in their profile.

 

user_location

Provides access to a user's current city.

 

user_photos

Provides access to the photos a user has uploaded or been tagged in.

 

user_relationships

Provides access to a user's relationship status, significant other and family members.

 

user_relationship_details

Provides access to a user's relationship interests ("interested in...").

 

user_religion_politics

Provides access to a user's religious and political affiliations.

 

user_status

Provides access to a user's statuses (posts on Facebook that don't include links, videos or photos).

 

user_tagged_places

Provides access to the Places a user has been tagged at in photos, videos, statuses and links.

 

user_videos

Provides access to the videos a user has uploaded or been tagged in.

 

user_website

Provides access to the user's personal website URL.

 

user_work_history

Provides access to a user's work history and list of employers.

 

read_friendlists

Provides access to the names of custom lists a user has created to organize their friends.

This permission does not give access to the user's friends. To access a user's friends who also use your app, use the user_friends permission.

 

read_insights

Provides read-only access to Facebook Insights data for Pages, Apps and web domains the user owns.

 

read_mailbox

Provides the ability to read the messages in a user's Facebook Inbox.

Note: This permission is granted only to apps building a Facebook-branded client on platforms where Facebook is not already available.

 

read_page_mailboxes

Provides the ability to read from the Page Inboxes of the Pages managed by a user.

This permission does not let your app read the page owner's mailbox. It only applies to the page's mailbox.

 

read_stream

Provides access to read the posts in a user's News Feed or the posts on their Profile.

 

manage_notifications

Enables your app to read a user's notifications and mark them as read.

This permission does not let you send notifications to a user.

 

manage_pages

Enables your app to retrieve Page Access Tokens for the Pages and Apps that the user administrates.

 

publish_actions

Provides the ability to publish Posts, Open Graph actions, achievements, scores and other activity on behalf of the user.

 

rsvp_event

Provides the ability to set a user's attendee status on Facebook Events, e.g. "attending", "maybe" or "declined".

This permission does not let you invite people to an event, update an event's details or create a new event.

 

 

Useful Links

https://developers.facebook.com/docs/facebook-login/permissions

https://developers.facebook.com/docs/facebook-login/permissions#reference-extended

https://developers.facebook.com/docs/apps/review#principles