Announcement Announcement Module
No announcement yet.
Facebook permissions exception when calling getUserProfile(friendId) Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Facebook permissions exception when calling getUserProfile(friendId)

    Why would calling facebook.userOperations().getUserProfile(friendId) cause the following exception? I wasn't aware any special permissions were required for this call. Is it really some other issue that gets mistranslated into an "Insufficient permission for this operation"?

    Code: Insufficent permission for this operation.
    	at org.springframework.web.client.RestTemplate.handleResponseError(
    	at org.springframework.web.client.RestTemplate.doExecute(
    	at org.springframework.web.client.RestTemplate.execute(
    	at org.springframework.web.client.RestTemplate.getForObject(

  • #2
    There are 3 cases where an InsufficientPermissionException gets thrown:
    - When the error from FB says "Requires extended permission"
    - When the error from FB says "Permissions error"
    - When FB returns "false"

    It looks like you're getting the last case. For some reason, Facebook's API sometimes returns "false" when requesting an object that the user doesn't have permission. I've seen this happen when the object is a user that has locked down their profile so that nobody can see it and when the object is a page requiring the viewing user to meet some age requirements (e.g., a page for alcohol project when the user viewing the page is under a certain age).

    I'm not sure if either of these cases fit your situation or if there is some other reason why it's happening. What I do know (based on the stack trace) is that Facebook didn't return any useful information for the user you requested--it simply returned "false". Any other information about the user you're requesting that might be helpful in determining why FB returned "false"?


    • #3
      I'm adding more debug statements for when this happens again. Basically what I know is when this happens, it's from retrieving a profile of a user's friend. There's a slight chance their access_token expired, but I really doubt that (I ask for offline_access permission). There's also the unlikely possibility that the user had a friend in the previous step of my app, removed the friend from Facebook and then selected that friend for the next step of my app.


      • #4
        Well, if you asked for offline_access, the token won't expire...and even if it did, you should get an ExpiredAuthorizationException, not an InsufficientPermissionException. However, it is possible that if you are asking for a user who no longer exists, you might get a null back. That's the scenario I'm leaning toward.

        It's unfortunate that Facebook returns false for cases like this instead of a real error. This was brought up as a question at the F8 Hack event a few weeks ago and the response from the FB platform team was simply that the error handling leaves a lot to be desired.

        The false response leaves FacebookErrorHandler with no information to work off of when deciding which exception to throw. Perhaps the null case should be changed to throw something else such as UncategorizedApiException. It'd still be up to the catcher of that exception to decide what to do...with no information to work with, either.