Meteor facebook API : user_friends permission missing

1
votes

I'm using account-facebook and fbgraph packages with meteor, my service configuration looks like this : 

{ _id: 'zDCcCKawiBFrgLQ8Q',
   service: 'facebook',
   appId: edited,
   secret: edited,
   requestPermissions: [ 'user_friends' ] }

I get an access token at login and can get the email and public profile fine, but my permissions only include those permissions and not user_friends : 

{ data: 
  [ { permission: 'email', status: 'granted' },
    { permission: 'public_profile', status: 'granted' } ] }

I thought user_friends was a given permission. What am I missing?

2
facebookfacebook-graph-apimeteormeteor-accounts
Where do you get email permission from, if you’re not even asking for that?CBroe
I understand that the basic permissions are provided by default? are they not? EDIT : I think they come from the access token that I get from the login. I tried to remove the requestPermissions from the service config and it seems to have no impact.Mathieu K.
They are approved by default, meaning you do not have to get them reviewed by Facebook, before you can ask normal users for them. But it does of course not mean that users will automatically grant those permissions to your app – you still have to ask for them.CBroe
I understand that but accounts-facebook already asks for those and gives back an access token? That's where email and public_profile are coming from I think.Mathieu K.
Ok the Meteor.loginWithFacebook was not setup properly, it wasn't asking for any permissions. By requesting the proper permissions I got what I wanted. The weird thing is that I got permissions without asking for them in the first place... :-/Mathieu K.

2 Answers

2
votes

SOLVED by rewriting the loginWithFacebook: 

Template.third_party.events({
  "click .btn-facebook": function(e, t){
    Meteor.loginWithFacebook({
      requestPermissions: ['email', 'user_friends']
      }, function (err) {
      if (err)
        Session.set('errorMessage', err.reason || 'Unknown error');
    });
  }
});

Where third party is the template that includes the facebook button.

1
votes

A better solution would be to include the following configuration in your client-side code:

Accounts.ui.config({
    requestPermissions: {
        facebook: ['user_friends']
    }
});