passport: Facebook Login asking for user_friends permission by default

1
votes

I'm building a node js app that uses passport for Facebook login. I'm following the instructions on https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/ for building the flow.

My app does NOT require any permissions beyond the 'email' and 'public_profile' and I'm using the default authentication as below:

app.get('/auth/facebook', passport.authenticate('facebook'));

However, Facebook login dialog that popups up is adding the "friends list" by default (see screenshot below).

enter image description here

I also tried explicitly adding the two default permissions as below:

app.get('/auth/facebook', passport.authenticate('facebook'), {
        scope: ['email', 'public_profile']
    });

However, for some reason the 'user_friends' permission is still being requested (or offered?) . As per Facebook App Login Review policy (https://developers.facebook.com/docs/facebook-login/permissions), asking for user_friends requires Facebook App Review process. What I'm not sure about is why it is automatically asking for the user_friends permission when I don't need it and am not asking for it. Any ideas?

1
node.jsfacebookfacebook-graph-apipassport.jspassport-facebook
Which FB API version are you using?Zilvinas
I'm using FB API 2.8Gaurav Jain

1 Answers

1
votes

It is automatically asking for the 'user_friends' permission because the 'user_friends' permission, just like 'public_profile' and 'email' are approved by default. Which means that you don't have to request it. But, for it to be availabe when your app goes live, you have to go through App review. So, as in your case, you don't want it, just don't submit it to App review and when your app goes live, it won't be requested to the user.