Implementation Example: Requesting More User Information in the Facebook OAuth Process
I mentioned at a few points throughout the OAuth 2 Facebook examples that we would dive deeper into the topic of scopes. You might remember that we used the scope parameter in the URI where the user was forwarded to go through the authorization flow:
// construct Facebook auth URI
$auth_url = $authorization_endpoint
    . "?redirect_uri=" . $callback_url
    . "&client_id=" . $key
    . "&scope=email,publish_stream,manage_pages,friends_about_me";
The purpose of the scope parameter is to allow an application to request certain social information from a user.
Note
Some providers bind these scopes directly to the application ID or key issued when you first create your application, instead of accepting them dynamically in the initial OAuth request token request. This means that they do not require a scope parameter in that initial request. Providing the scope parameter, as in this Facebook implementation, allows you to define scopes in a very dynamic manner.
Facebook includes an extensive number of scopes that we can include as a comma-separated list in the authorization request.
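Because the scope list is assembled per request, an application can ask for only the permissions that the features in use actually need. The following is an added example, not code from the book: the feature names, function names, endpoint, client ID, and callback URL are hypothetical, and the scope names are the four used in the URI above.

```php
<?php
// Added example: derive the scope list from the features in use, so the
// authorization request never asks for more than it needs.
// The feature-to-scope mapping below is a hypothetical illustration.
const FEATURE_SCOPES = [
    'login'        => ['email'],
    'post_to_wall' => ['publish_stream'],
    'page_admin'   => ['manage_pages'],
    'friend_bios'  => ['friends_about_me'],
];

// Return the de-duplicated scopes required by the given features.
// Unknown feature names are rejected rather than passed through, so
// arbitrary scope strings cannot reach the authorization request.
function scopes_for_features(array $features): array
{
    $scopes = [];
    foreach ($features as $feature) {
        if (!array_key_exists($feature, FEATURE_SCOPES)) {
            throw new InvalidArgumentException("Unknown feature: $feature");
        }
        $scopes = array_merge($scopes, FEATURE_SCOPES[$feature]);
    }
    return array_values(array_unique($scopes));
}

// Build the authorization URI. http_build_query() percent-encodes every
// value, so a callback URL with its own query string stays intact and
// the comma-separated scope list is sent as one parameter.
function build_auth_url(string $endpoint, string $clientId,
                        string $callbackUrl, array $features): string
{
    $query = http_build_query([
        'redirect_uri' => $callbackUrl,
        'client_id'    => $clientId,
        'scope'        => implode(',', scopes_for_features($features)),
    ]);
    return $endpoint . '?' . $query;
}

// Constructed sample values (placeholders, not real endpoints or IDs).
echo build_auth_url(
    'https://auth.example.invalid/dialog/oauth',
    'EXAMPLE_CLIENT_ID',
    'https://app.example.invalid/callback.php?step=2',
    ['login', 'post_to_wall']
), "\n";
```

With only the login and post_to_wall features enabled, the request carries email and publish_stream and omits manage_pages and friends_about_me.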
Data permissions
Data permissions will allow your application to access information about a user, or a user’s friends (in the form of a friend request), as shown in Table 9-10.
Table 9-10. Data permissions
User permission | Friend permission | Description |
---|---|---|
| Not available | Enables your application to manage ads and call the Facebook Ads API on the user’s ... |