When you use OmniAuth to login to a web app through Facebook, these are the permissions the webapp has:
Access my basic information Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.
Send me email WebApp may email me directly at email@email.com
Access my data any time WebApp may access my data when I'm not using the application
Whereas when you use the mini_fb gem to link a web app to Facebook, these are the permissions (have to specify this as code otherwise formatting was weird):
Access my basic information
Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.
Required
Send me email
WebApp may email me directly at email@email.com ·
Required
Access my profile information
Likes, Music, TV, Movies, Books, Quotes, About Me, Activitie...s, Interests, Groups, Events, Notes, Birthday, Hometown, Current City, Website, Religious and Political Views, Education History, Work History and Facebook StatusSee More
Required
Online Presence
Required
Access my family & relationships
Family Members and Relationship Status
Required
Access my photos and videos
Photos Uploaded by Me, Videos Uploaded by Me and Photos and Videos of Me
Required
Access my friends' information
Birthdays, Religious and Political Views, Family Members and... Relationship Statuses, Hometowns, Current Cities, Likes, Music, TV, Movies, Books, Quotes, Activities, Interests, Education History, Work History, Online Presence, Websites, Groups, Events, Notes, Photos, Videos, Photos and Videos of Them, 'About Me' Details and Facebook StatusesSee More
Required
Post to my Wall
WebApp may post status messages, notes, photos, and videos to my Wall
Access messages in my inbox
Access posts in my News Feed
Access my data any time
WebApp may access my data when I'm not using the application
Access Facebook Chat
Send me SMS messages
WebApp may send SMS messages to my phone:
Manage my events
WebApp may create and RSVP to events on my behalf
Access my custom friend lists
Access my friend requests
Insights
WebApp may access Insights data for my pages and applications
Manage my advertisements
I'm using OmniAuth at the moment, and would like to keep doing so, but my app needs more permissions, like some of the extra ones that mini_fb has. Does anyone know how I can customize OmniAuth to request extra permissions?
You can check on option using the :scope attribute:
use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access, your,scope,you,want'}
Check the Facebook permissions documentation what scope you really want and define it separate by a commant on :scope option.
If you use an initializer to define your OamniOauth, it's like that:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => 'email,offline_access, your,scope,you,want'}
end
If you are using devise (like me) the easiest solution is to have both 'devise' and 'omniauth-facebook' in your Gemfile. Then in your devise initializer you can just add:
config.omniauth :facebook, "app", "secret", :scope => "user_photos"
This does the trick pretty well. Adding the omniauth initializer with devise set-up
来源:https://stackoverflow.com/questions/4062065/how-can-i-specifiy-what-access-i-need-from-my-users-facebook-accounts-when-usin