I am integrating facebook in android I needed to disable SSO cause some old built in fb apps cause a problem..
I used this solution : https://stackoverflow.com/a/17673471/1862806
It is working good and i changed it to open for publish to request permissions too:
session.openForPublish(new Session.OpenRequest(this).setCallback(fbCallback).setLoginBehavior(SessionLoginBehavior.SUPPRESS_SSO).setPermissions(PERMISSIONS));
If the user accepts the permissions while running the application, all is good, if he chooses to skip the publish permissions, i can't know in code, cause when i check using
List<String> permissions = session.getPermissions();
System.out.println(permissions);
I get permissions = [public_actions] as if user accepted them !!
I need to check if user skipped publish permissions in code while disabling SSO (it works with soo).. any idea how ?
thanks
Looks like a potential bug, but you can always make a request to me/permissions using the Request class, and it will give you a list of permissions that the user has granted your app.
It's good to check this endpoint in general (probably once per startup) since the user can remove permissions via the Facebook website at any time.
Related
I have an Android app that uses the 'publish_actions' and 'user_photos' permissions to create photo albums on Facebook. I have already applied and been approved for 'publish_actions'. However, it will not let me apply for the 'user_photos' permission, because it says my app has not used this permission in the last thirty days.
My app does in fact use this permission. I have successfully published albums repeatedly from developer accounts and test user accounts. This only works if I use the 'user_photos' permission. If I try to create an album when I haven't requested 'user_photos', it doesn't work
Yet it still says I'm not using this permission. And I didn't have this problem with the 'publish_actions' permission; it was able to recognize that I was using it.
What do I need to do to make this permission available for applying? It almost seems like creating an album "requires" the permission, but does not "use" it.
I've heard some suggest that you need to be using the app owner's account, but again, this was not necessary for 'publish_actions'.
I solved this problem by changing the functionality of my app. Now my app reads in a user's albums, and appends photos to the album if it already exists. Doing so results in Facebook recognizing the use of the permission, which allows me to apply for it.
Overall, this still seems like a bug on Facebook's end.
You don't need the user_photos permission to publish photos, only publish_actions. You do need user_photos to be able to read (and get) the photos that a user has uploaded.
You, as an admin on the app, is allowed to grant any permissions you want to your app (since you'd need to be able to do that for development). Users who are not in an admin/dev/test role in your app will not be able to use any features that require additional permissions until your app is approved.
I've got to a point in my app where a user can login via the Facebook SDK. The app requests read and publish permissions. Is there a way to check if they have accepted the publish permissions before carrying on? The permission is "publish_actions". I tried doing Session.getPermissions(); but only the read permissions are listed there (basic_info, user_birthday, user_friends).
It seems like there is no way to check if the user accepted my publish permission, is there a possible workaround to this?
The reason I need to check for this is because the permissions can be revoked by the user at any time from their profile, so I can't have them login then revoke the permissions, otherwise that would defeat the purpose of asking for it.
Would really appreciate some help, thank you. Hopefully it's possible and not a Facebook restriction (Although I can sort of see why if it was).
According to Facebook SDK v4+:
To get the list of permissions associated with the current access
token, call:
AccessToken.getCurrentAccessToken().getPermissions();
To get the list of declined permissions, call:
AccessToken.getCurrentAccessToken().getDeclinedPermissions();
For your app, you can use any valid user access token, and make a call to /me/permissions, and it will return a list of permissions that the user has granted your app.
For more docs, see https://developers.facebook.com/docs/graph-api/reference/user/permissions/
I think the Best way to check for permission:
Facebook SDK 4.+ :
if (AccessToken.getCurrentAccessToken().getPermissions().contains("publish_actions")) {
//permission exists
}
I'm currently integrating an android app with the new Android Facebook 3 SDK.
I've got it working, but I've noticed that in "My Apps" on facebook it states that the app needs to post on my behalf to my friends. This is not a requirement for this app and I have not specifically requested any extra permissions. I have noticed that a number of other apps in my app centre can only post to "only me".
How do I remove the need for this permission?
You can use the setReadPermissions() of the LoginButton class for this.
this will only set the read permissions.
to set publish permissions you need to use setPublishPermissions().
the login button can only be associated with one of these at a time.
If you see that your app has publish permissions in your facebook settings, that means at some point you have authorized the app for publish permissions.
If you want to remove it from your settings, you can either remove the app, or remove just the "Post on your behalf" permission (in your facebook settings).
Then, you can change your app to only request read permissions, and not publish permissions. You cannot remove permissions from the app directly, you can only request more.
I'm trying to convert my app to use the new Facebook Android SDK 3.0. I want to be able to check in places with my app. I've switched my old log in method to the native-login button supplied with the SDK. As far as I understand I can't ask for publishing permission during the installation process without asking for a basic permission first. And I can't set both publish and read permissions to the login button, because this will cause an exception. Then how should I do this? I don't want my user to deal with two dialog screens (every click matters). I want to ask for the permission once during the installation (first time use) process, and not when the publishing will occur (this damages the designed flow of my app).
Thank you in advance,
Dan
No you cannot ask for Publish Permission during app install (Only basic permission)
Publish permission dialog will be asked only once
Your right asking publish permission at install time will throw exception & break the login flow
I am actually preparing to release an app using the device google account to authenticate on Google App Engine server.
To do that, I need those permissions :
USE_CREDENTIALS : obviously
INTERNET : obviously
GET_ACCOUNTS : to ask the user to select one of the google accounts registered on his phone.
My problem is with GET_ACCOUNTS : I think it's quite intrusive to ask this permission along with INTERNET : I would be able to get all his accounts (google, facebook, etc...) and send them to my server (I won't do that of course !). But I fear this permission may scare users, and they may not download my app...
I had the idea to report this permission to an other app, which wouldn't have INTERNET permission. This app would be called with an intent, and return only the account chosen by the user. And then, my main app don't need GET_ACCOUNTS anymore.
The source code is there : http://code.google.com/p/account-chooser/
It's quite simple (only one screen)
To send an intent to this app I use a utility library like IntentIntegrator from ZXing. If my "account chooser" app is not present on the device, it asks the user to download it from market.
What do you think about that ? Is it a good idea ? Am I right to bother the user with downloading a mysterious app he may not understand the usefulness ? Or should I just use GET_ACCOUNTS permission in my main app without questionning myself about privacy ?
So instead of just asking for the GET_ACCOUNTS permission within your app, you plan to request it in another app and in turn expose that information to any other app on the device (via an intent).
Stick with asking for the GET_ACCOUNTS permission within your app and be done with it. Speaking from experience, if an app I downloaded forced me to install yet another app just to get some functionality out of it, well.. you know what happens next :)