9

This question is similar to How can I specifiy what access I need from my user's Facebook accounts when using OmniAuth? but has a caveat.

I'm using OmniAuth to authorize Facebook users on my website. For regular login/registration, asking the user for standard Facebook permissions are acceptable. But there is a feature on my site that requires extended permissions (access to their Facebook photos). I want to only ask for the extended permissions for users when/if they use our site's Facebook photo feature.

All answers I've found on the web on how to set facebook permissions for omniauth deal with just adding a scope option in your OmniAuth initializer, like so:

ActionController::Dispatcher.middleware.use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access,the,scope,you,want}

But I need to define the scope dynamically, so that only when users use the photo feature they get asked for the photo permissions, but not if they are just logging in or registering for the first time.

Anyone know how to do this? Thanks in advance.

Community
  • 1
  • 1
Sean Ahrens
  • 1,025
  • 1
  • 9
  • 18

3 Answers3

11

You may have figured out a solution to this problem already but I figured I'd chime in for those still looking to solve this. My solution allows you to request as little Facebook permissions as possible up front, and then dynamically request them as your app needs them.

http://www.mikepackdev.com/blog_posts/2-Dynamically-Requesting-Facebook-Permissions-with-OmniAuth

Hope this helps!

Mike
  • 2,103
  • 3
  • 18
  • 24
  • Thanks, Mike! Really appreciated. I forwarded this on to some people that I think may need it. – Sean Ahrens Apr 30 '11 at 04:58
  • Sean, glad to hear it helped! Thanks for the forward, more fun stuff to come on my new site :) – Mike May 01 '11 at 01:24
  • really nice, i was doing something similar for different behaviors on my users models, so your solution integrates perfect! thanks a lot! – Alexis Apr 07 '14 at 09:25
5

It looks like they're adding that to Omniauth, but it's still in beta.

You add a 

:setup => true

to your provider and then create a method where you dynamically sets the options (credentials/scope) you need.

https://github.com/intridea/omniauth/wiki/Setup-Phase

https://github.com/intridea/omniauth/wiki/Dynamic-Providers

johnnymire
  • 1,093
  • 2
  • 12
  • 25
-2

I think you can't do that properly. Because you can't be sure your user use only the photo feature. You user can access to all part of you application photo feature and other feature. When the user is logged and switch from your photo feature to other feature, you can't ask it to re-logged. to access this other feature.

All user don't really check what kind of access their authorize, so don't worry about a lot of permission asking.

shingara
  • 46,608
  • 11
  • 99
  • 105
  • When my users click the link to use my photo feature, it's easy for me to send them to /auth/facebook (even if they are already logged in) and for it to redirect to the photo page if the correct permissions have been given. The problem is changing the {:scope = ""} when they click the link, and then back to {:scope = ""} when they are done. I need to if & how the scope can be set after app init like this. This is on a major website, so the % of users that will turn away at log in because photo permissions are required for sigin is a substantial concern. – Sean Ahrens Jan 20 '11 at 20:40