0

I was having problems with my FB logout flow, and I think I have it. I ended up having to add an HTTP DELETE request to

https://graph.facebook.com/v9.0/[user-ID]/permissions?access_token=[access_token]

In order to revoke the user's permissions.

The problem I have is that now there's a popup every time it goes to the page that invokes this request (I use PHP's cURL library to invoke the request) asking to continue and whatnot. I click the "continue as" button, but the popup never goes away... it just turns to a blank screen.

Am I doing something wrong here? If I invoke the request without the access token, I get an error stating it needs an access token...

Oleg Valter is with Ukraine
  • 9,619
  • 8
  • 37
  • 59
The Chau
  • 26
  • 4
  • Your so-called “problem with the login flow” didn’t appear to actually be one in the first place. Not getting re-asked for already granted permissions on every login, that is _supposed_ to work this way. – CBroe Feb 18 '21 at 07:16
  • @CBroe, I agree that it wasn't a problem and that's why I deleted that question. Thank you for your help, btw. I am just trying to figure out if there's any way to get rid of the popup on trying to *revoke* privileges. I don't think I want someone to maintain privileges with my app when they log out of it mainly because I want them to have the option to switch user if they log out and log back in. – The Chau Feb 18 '21 at 09:58
  • It is not clear what popup you are actually talking about here - or how a _server-side_ request, that revokes permissions, could even cause any, on the client side. If you revoke all permissions - then of course the login dialog needs to be shown again, the next time you ask a user to login – I can only guess, that is what you are actually referring to? – CBroe Feb 18 '21 at 10:06
  • Facebook being used by multiple people on the same device, is probably rather the exception, than the norm. Therefor, for convenience reasons, they have not implemented a “hard” logout, when someone logs out of an app. You should really rather leave this up to the users, than trying to enforce it on their behalf. Anyone who uses FB on a shared device, should be aware of the risks, and that it is _their_ responsibility to properly log off, when they are done. – CBroe Feb 18 '21 at 10:06
  • @CBroe I agree that it's better to leave the hard logout as a choice. I'm just thinking that if someone wants to remove the app, they should be able to log out and if they want to switch user, that can be an option also. I've given up on the FB logout and am only trying to deal with the app logout now, tbh (thanks for the advice, again). But to do that, effectively, I'll need to revoke permissions - and that's when I get the popup (basically one of those "continue with..." popups that confirms permissions... but I'm revoking, not adding permissions...) – The Chau Feb 18 '21 at 13:02
  • 1
    Again, that _server-side_ request to remove the permissions, can not by itself cause any popups. This sounds as if you are automatically triggering login again, whenever the user enters your page - in that case then it would of course ask for permissions again, after all you just revoked them all. – CBroe Feb 18 '21 at 13:19
  • 1
    _“But to do that, effectively, I'll need to revoke permissions”_ - no, not really. But you need to make sure that your page does not try to _automatically_ recognize a logged-in user again, after they logged out of your app only - otherwise, it will recognize that you are still logged into Facebook, and since you logged into the app before, will automatically log you in again. So you must not initialize the SDK with `status: true`, and not automatically call getLoginStatus either - otherwise, both of those will _automatically_ log you into the app again, when you visit the site. – CBroe Feb 18 '21 at 13:22
  • @CBroe OMG YOU ARE PRACTICALLY A LIFESAVER!!!!!!! I left "status: true" but removed the `FB.getLoginStatus(function(response)` function and now, there's no additional popup! it's basically 1 page to click the login link, it redirects to another page which does the login and then back to the first page (where you can select some options)... I left the `FB.getLoginStatus(function(response)` in the first page and removed it from the second and it works perfectly now! Thank you again, sir! :) – The Chau Feb 18 '21 at 16:02

0 Answers0