0

I'm using this to send an invitation from a user to his friend with my app, and asking for permission of public actions when they read news on my app:

function xlfb_friendInvite() {
    FB.ui({method: 'apprequests',
        message: 'great app http://apps.facebook.com/xaluancom enjoin w me..',
    },
    function(receiverUserIds) {
        console.log("IDS : " + receiverUserIds.request_ids);
    });
    //http://developers.facebook.com/docs/reference/dialogs/requests/
}

But then I found out that the request did not come with external permission. When invited, the user received notice and accepted it, but there are no permissions along, so the app can not work.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
Binh Nguyen
  • 1,313
  • 3
  • 17
  • 27

2 Answers2

0

When a user accepts a request that was sent to him, they are redirected to the canvas URL of your application. It is your application's responsibility to check and see if that user has authenticated your application and whether or not they have granted your application the correct permissions.

What you'll need to do is check to see if a user landing on your canvas URL is authenticated. Usually one would request permissions as part of the authentication process but this is not required.

You can test for permissions like this - 

FB.api('/me/permissions', function (response) {
    console.log(response);
});

If the user has not granted all the required permissions then you can simply prompt them with the permissions dialog - 

FB.ui({
    method: 'permissions.request',
    perms: 'user_likes',
    display: 'popup'
    },function(response) {
        if (response && response.perms) {
            alert('Permissions granted');
        } else if (!response.perms){
            alert('User did not authorize permission(s).');
        }
});

If you want to simply authenticate the user and request permissions as part of the login process then you can use some code similar to this - 

FB.login(function(response) {
  // handle the response
}, {scope: 'email,user_likes'});
Lix
  • 47,311
  • 12
  • 103
  • 131
  • thanks. that actualy i'm doing now.. but there are fews time process, one invite, one permission.., and this could be annoy other user who not from invite but already authorized the app for other permission, they might dont want this. I'm thinking of using : redirect_uri .. and redirect one more time user to facebook canvas permission page: facebook.com/dialog/permissions.request?app_id='+appID+'&display=page&next=http%3A%2F%2Fapps.facebook.com%2Fxaluancom%2F&response_type=code&perms=publish_actions&canvas=1 but test not work ..am I missing some things ? – Binh Nguyen May 26 '12 at 09:25
0

At last I found a simple solution. Go to Settings > Auth Dialogue in my FaceBook app center, then click on "edit these permissions" then type in "public_stream, email".

Every time the user receives an invite from the app they will see the window asking for permission when authorizing the application.

I also noticed that "public_actions" currently are not supported in that setup. It may be that the Facebook team forgot to put an option for it there.

Anyway, public_actions is covered by public_stream, so I'm not confused at all.

Thanks go to the Open graph team from FaceBook.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
Binh Nguyen
  • 1,313
  • 3
  • 17
  • 27
  • 1
    `publish_actions` is available for authenticated referrals – you just have to spell it right … – CBroe Jul 31 '12 at 07:59