I'm building a node js app that uses passport for Facebook login. I'm following the instructions on https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/ for building the flow.
My app does NOT require any permissions beyond the 'email' and 'public_profile' and I'm using the default authentication as below:
app.get('/auth/facebook', passport.authenticate('facebook'));
However, Facebook login dialog that popups up is adding the "friends list" by default (see screenshot below).
I also tried explicitly adding the two default permissions as below:
app.get('/auth/facebook', passport.authenticate('facebook'), {
scope: ['email', 'public_profile']
});
However, for some reason the 'user_friends' permission is still being requested (or offered?) . As per Facebook App Login Review policy (https://developers.facebook.com/docs/facebook-login/permissions), asking for user_friends requires Facebook App Review process. What I'm not sure about is why it is automatically asking for the user_friends permission when I don't need it and am not asking for it. Any ideas?