3

I am integrating Facebook login in my web app, and I was able to generate a redirect url like..

https://www.facebook.com/dialog/oauth?client_id=xxx&redirect_uri=https%3A%2F%2Fexample.com%2Fauth%2Fcallbacks%2Foauth2%2F%3Fhauth.done%3DFacebook&state=xxx&scope=email&display=page

As you can see, my requested scope is only email.

But when I redirected to FB, I am seeing..

xxx would like to access your public profile, friend list and email address.

I don't want to scare my users, is it possible not to show friend list request?

Ryan
  • 10,041
  • 27
  • 91
  • 156
  • 1
    Did you read the login documentation? public profile and friend list is the minimum, base permission, you always must request this – Igy Jun 22 '13 at 18:14

1 Answers1

1

With reference to : Permissions- Basic Info (Default)-

Basic info is part of every request for permissions. It includes several elements from a person's public profile and a list of their friends.

A person's public profile refers to the following properties on the user object by default:

  • id
  • name
  • first_name
  • last_name
  • link
  • username
  • gender
  • locale
  • age_range
  • Other public information

The friend list is the friend list node on the user object.

Sahil Mittal
  • 20,697
  • 12
  • 65
  • 90