Implementation Example: Requesting More User Information in the Facebook OAuth Process

I mentioned at a few points throughout the OAuth 2 Facebook examples that we would dive deeper into the topic of scopes. You might remember that we used the scope parameter in the URI where the user was forwarded to go through the authorization flow:

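//construct Facebook auth URI; the callback URL is URL-encoded so that any
//query characters it contains cannot break the surrounding query string
$auth_url = $authorization_endpoint
          . "?redirect_uri=" . urlencode($callback_url)
          . "&client_id=" . $key
          . "&scope=email,publish_stream,manage_pages,friends_about_me";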

The purpose of the scope parameter is to allow an application to request certain social information from a user.

Note

Some providers bind these scopes directly to the application ID or key issued when you first create your application, rather than accepting them dynamically in the initial OAuth request token request. Such providers do not require a scope parameter in that initial request. Providing the scope parameter, as in this Facebook implementation, lets you define scopes dynamically.

Facebook includes an extensive number of scopes that we can include as a comma-separated list in the authorization request.

Data permissions

Data permissions will allow your application to access information about a user, or a user’s friends (in the form of a friend request), as shown in Table 9-10.

Table 9-10. Data permissions

| User permission | Friend permission | Description |
| --- | --- | --- |
| ads_management | Not available | Enables your application to manage ads and call the Facebook Ads API on the user’s behalf. |
| email | Not available | The user’s primary email address. |
| read_friendlists | manage_friendlists | Gives your application read access to the user-created friend lists. |
| read_insights | Not available | Gives your application read access to the data insights for user-owned pages, applications, and domains. |
| read_mailbox | Not available | Gives your application read access to the user’s mailbox. |
| read_requests | Not available | Gives your application read access to the user’s friend requests. |
| read_stream | Not available | Gives your application read and search access to all posts in the user’s news feed. |
| user_about_me | friends_about_me | The About Me section of the user’s profile. |
| user_activities | friends_activities | Recent user news feed activities. |
| user_address | Not available | The address listed in the user’s profile. |
| user_birthday | friends_birthday | The birthday listed in the user’s profile. |
| user_checkins | friends_checkins | The user’s checkins. |
| user_education_history | friends_education_history | Education information listed in the user’s profile. |
| user_events | friends_events | List of events the user is attending. |
| user_groups | friends_groups | List of groups the user is involved in. |
| user_hometown | friends_hometown | The hometown listed in the user’s profile. |
| user_interests | friends_interests | Interests listed in the user profile. |
| user_likes | friends_likes | Pages that the user has liked. |
| user_location | friends_location | The user’s last known location. |
| user_mobile_phone | Not available | The user’s mobile phone number. |
| user_notes | friends_notes | Any notes the user has added to her profile. |
| user_online_presence | friends_online_presence | The user’s online/offline status. |
| user_photo_video_tags | friends_photo_video_tags | Photos/videos the user has been tagged in. |
| user_photos | friends_photos | The photos that the user has uploaded. |
| user_relationship_details | friends_relationship_details | The user’s relationship preferences. |
| user_relationships | friends_relationships | The user’s family and personal relationships. |
| user_religion_politics | friends_religion_politics | The user’s religious and political affiliations. |
| user_status | friends_status | The most recent user status message. |
| user_videos | friends_videos | Videos that the user has uploaded. |
| user_website | friends_website | The URLs listed in the user’s profile. |
| user_work_history | friends_work_history | The work history listed in the user’s profile. |
| xmpp_login | Not available | Enables applications that integrate Facebook chat to log in users. |

Publishing permissions

Publishing permissions (Table 9-11) enable the application to push or modify content on the user’s behalf. These permissions are important when you’re attempting to use viral channels to promote your application to new users or to keep current users engaged.

Table 9-11. Publishing permissions

| Permission | Description |
| --- | --- |
| create_event | Allows your application to create and modify events on the user’s behalf. |
| offline_access | Allows your application to make requests for privileged user information at any time. This permission makes any access tokens long-lived, as opposed to the standard short-lived access token that is provided through OAuth. |
| publish_checkins | Enables your application to perform checkins on the user’s behalf. |
| publish_stream | Enables your application to publish content, comments, and likes to the user’s news feed at any time. |
| rsvp_event | Allows your application to RSVP to events on the user’s behalf. |
| sms | Enables your application to send text messages to the user and allows it to respond to messages from the user via text messaging. |

Page permissions

Page permissions (Table 9-12) have a simple task: to provide access tokens for pages. This will allow the application to capture and set data in that context.

Table 9-12. Page permissions

| Permission | Description |
| --- | --- |
| manage_pages | Allows the application to obtain access tokens for pages that the user is the administrator of. |
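
The following is an added example, not code from the book: one way to keep the scope list in the authorization URI down to what each feature needs, and to flag the scopes whose descriptions above involve publishing, mailbox access, page tokens, or long-lived tokens. The feature names, the "sensitive" grouping, the endpoint, the app ID, and the callback URL are all assumptions made for illustration.

```php
<?php
// Added example: derive the scope list from the features actually in use.
// Scope names come from Tables 9-10 to 9-12; feature names are hypothetical.
const FEATURE_SCOPES = [
    'login'       => ['email'],
    'share_post'  => ['publish_stream'],
    'page_admin'  => ['manage_pages'],
    'friend_bios' => ['friends_about_me'],
];

// Scopes that write on the user's behalf, read private mail, or make tokens
// long-lived, per the table descriptions. The grouping is this example's own.
const SENSITIVE_SCOPES = ['publish_stream', 'manage_pages', 'offline_access', 'read_mailbox'];

// Map feature names to a de-duplicated scope list; unknown features fail closed.
function scopes_for(array $features): array
{
    $scopes = [];
    foreach ($features as $feature) {
        if (!array_key_exists($feature, FEATURE_SCOPES)) {
            throw new InvalidArgumentException("Unknown feature: $feature");
        }
        $scopes = array_merge($scopes, FEATURE_SCOPES[$feature]);
    }
    return array_values(array_unique($scopes));
}

// Build the authorization URI; http_build_query() percent-encodes every value,
// so a callback URL containing "?" or "&" cannot corrupt the query string.
function build_auth_url(string $endpoint, string $clientId, string $callbackUrl, array $features): string
{
    $query = http_build_query([
        'redirect_uri' => $callbackUrl,
        'client_id'    => $clientId,
        'scope'        => implode(',', scopes_for($features)),
    ], '', '&', PHP_QUERY_RFC3986);
    return $endpoint . '?' . $query;
}

// Constructed sample values: placeholder endpoint, app ID and callback.
$features = ['login', 'share_post'];
foreach (array_intersect(scopes_for($features), SENSITIVE_SCOPES) as $scope) {
    error_log("Sensitive scope requested, confirm it is needed: $scope");
}
echo build_auth_url('https://auth.example/dialog/oauth', 'APP_ID_PLACEHOLDER',
    'https://app.example/callback.php?step=2', $features), PHP_EOL;
```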
