Facebook ignores scope

Question

I am using Devise and omniauth-facebook to do Facebook login for my website. This is defined in an config/initializers/devise.rb:

config.omniauth :facebook, app_id, app_secret, scope: 'email'

For my website, I need the email address only. However, my FB app is set up with three login permissions by default - email, public_profile and user_friends.

Whenever the login button is clicked, the FB dialog says that my app "will receive the following info: your public profile, friend list and email address." I do not need the friend list and do not want to deter users from signing in.

I tried to manipulate the url directly but that didn't work either:

user_omniauth_authorize_path(provider, :scope => 'email')

Digging a little deeper, I found that the default scope in omniauth-facebook is email only as defined in omniauth-facebook/lib/omniauth/strategies/facebook.rb:

DEFAULT_SCOPE = 'email'

Am I missing something here? Is Facebook ignoring or overridding the scope parameter? Is there a way to change the default login permissions on my Facebook app?

Any pointers would be appreciated.

If you use API v1.0 it will always as for email, public_profile and user_friends. The solution is to use API v2.0 or later — WizKid, Oct 15 '14 at 17:33

score 0 · Answer 1 · answered Sep 02 '15 at 08:24

0

Since Facebook API changes in July, you must now include info_fields: 'email, name'

So: config.omniauth :facebook, app_id, app_secret, scope: 'email', info_fields: 'email, name'

Should do the trick

answered Sep 02 '15 at 08:24

Laser

5,085
4
34
48

Facebook ignores scope

1 Answers1