I mentioned at a few points throughout the OAuth 2 Facebook examples that we would dive deeper into the topic of scopes. You might remember that we used the scope parameter in the URI where the user was forwarded to go through the authorization flow:
//construct Facebook auth URI
$auth_url = $authorization_endpoint
    . "?redirect_uri=" . $callback_url
    . "&client_id=" . $key
    . "&scope=email,publish_stream,manage_pages,friends_about_me";
The purpose of the scope parameter is to allow an application to request certain social information from a user.
Some providers bind these scopes directly to the application ID or key issued when you first create your application, instead of accepting them dynamically in the initial OAuth authorization request. This means that they do not require a scope parameter in that initial request. Providing the scope parameter, as in this Facebook implementation, allows you to define scopes in a very dynamic manner.
Facebook includes an extensive number of scopes that we can include as a comma-separated list in the authorization request.
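The following is an added example, not code from the original text: one way to assemble the same authorization URI so that only the scopes an enabled feature needs are requested and every parameter value is URL-encoded. The feature-to-scope mapping, the function names, the endpoint and the client ID are assumptions for illustration; the scope names are the ones used above.

```php
<?php
// Added example. Helper names and the feature mapping are hypothetical;
// the scope names are the ones that appear in the URI shown earlier.

// Map each application feature to the scopes it actually needs (assumed mapping).
const FEATURE_SCOPES = [
    'login'        => ['email'],
    'post_to_wall' => ['publish_stream'],
    'page_admin'   => ['manage_pages'],
    'friend_info'  => ['friends_about_me'],
];

// Return the de-duplicated scopes for the enabled features.
// Unknown feature names are rejected, so nothing outside the allowlist
// can end up in the scope parameter.
function scopes_for_features(array $features): array
{
    $scopes = [];
    foreach ($features as $feature) {
        if (!array_key_exists($feature, FEATURE_SCOPES)) {
            throw new InvalidArgumentException("Unknown feature: $feature");
        }
        $scopes = array_merge($scopes, FEATURE_SCOPES[$feature]);
    }
    return array_values(array_unique($scopes));
}

// Build the authorization URI. http_build_query() URL-encodes every value,
// so a callback URL with its own query string cannot corrupt the request.
function build_auth_url(string $endpoint, string $client_id,
                        string $callback_url, array $scopes): string
{
    return $endpoint . '?' . http_build_query([
        'redirect_uri' => $callback_url,
        'client_id'    => $client_id,
        'scope'        => implode(',', $scopes), // comma-separated list
    ]);
}

// Constructed sample values, not real credentials or endpoints.
$scopes = scopes_for_features(['login', 'post_to_wall']);
echo build_auth_url(
    'https://provider.example/oauth/authorize',
    'APP_ID_PLACEHOLDER',
    'https://app.example/callback.php?step=2',
    $scopes
), "\n";
```

Requesting scopes per feature keeps the permission dialog short and limits what a leaked access token can reach.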
Data permissions will allow your application to access information about a user, or a user’s friends (in the form of a friend request), as shown in Table 9-10.
Table 9-10. Data permissions
Publishing permissions (Table 9-11) enable the application to push or modify content on the user’s behalf. These permissions are important when you’re attempting to use viral channels to promote your application to new users or to keep current users engaged.
Table 9-11. Publishing permissions
Page permissions (Table 9-12) have a simple task: to provide access tokens for pages. This will allow the application to capture and set data in that context.