Assume I have an app that requires your e-mail when you log in with Facebook. With this reauthorize data access, the user can get logged out of the app forever without the ability to log in anymore. Here's how to recreate:

  1. Login with Facebook, all requested permissions are granted.
  2. After 90 days, you lose access to user data, so the reauthorize screen is shown to the user.
  3. In reauthorize, user revokes access to email permission.
  4. The user is not able to log in anymore. Login will succeed but you won't get the email data. Reauthorize will not show email permission anymore (so you cannot grant it back).

So I would expect to somehow ask a user to grant email permission again, but I don't see how to do that. As this stands, the user cannot log in anymore ever because I need the email.

JoKr
  • https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#reaskperms - parameter `auth_type=rerequest` is the key here. (How to set that with the login method of the Android SDK - consult docs.) – misorude Jan 10 '19 at 14:30
  • JS and Android SDK are quite different. The usual way to rerequest is just to show login again with requiredPermission. What worked a little better is Login -> Reauthorize -> Login again with email permission. The user can still get locked out if he declines email two times and I've found reinstalling the app will give you email option back. Pretty stupid issue. – JoKr Jan 11 '19 at 09:29
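
The check-then-re-ask step from the linked manual login flow, as an added example that is not part of the original question or comments and does not use the Android SDK. It assumes the app has already fetched the Graph API `GET /me/permissions` response; the app ID, redirect URI, state value, API version string and sample response are constructed placeholders.

```python
from urllib.parse import urlencode

# Permissions this (hypothetical) app cannot work without.
REQUIRED = {"email"}

# Constructed sample of a /me/permissions response after step 3 of the
# question: login still succeeds, but email has been revoked.
SAMPLE_AFTER_REVOKE = {
    "data": [
        {"permission": "public_profile", "status": "granted"},
        {"permission": "email", "status": "declined"},
    ]
}


def missing_permissions(permissions_response, required=REQUIRED):
    """Return the required permissions that are not currently granted.

    A permission counts as missing when its status is anything other than
    "granted" or when it is absent from the response altogether.
    """
    granted = {
        entry["permission"]
        for entry in permissions_response.get("data", [])
        if entry.get("status") == "granted"
    }
    return sorted(set(required) - granted)


def rerequest_url(app_id, redirect_uri, state, missing, api_version):
    """Build a login dialog URL that re-asks only for the missing permissions.

    auth_type=rerequest is the parameter named in the comment above.
    Returns None when nothing is missing, so the caller can skip the re-ask.
    """
    if not missing:
        return None
    query = urlencode({
        "client_id": app_id,
        "redirect_uri": redirect_uri,
        "state": state,              # anti-CSRF value, verified on return
        "response_type": "code",
        "auth_type": "rerequest",
        "scope": ",".join(missing),
    })
    return f"https://www.facebook.com/{api_version}/dialog/oauth?{query}"
```

Treating a login that succeeds without the required permission as incomplete, rather than creating a session with no email, keeps the account-matching logic from running on partial identity data.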