Announcement Announcement Module
No announcement yet.
Approach for adding Facebook permissions Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Approach for adding Facebook permissions

    First off, Spring Social is great, many thanks for it, and this helpful forum as well.

    I have a Web app into which I've integrated Spring Social. So far the social features I've added are mostly just signing in with Twitter and Facebook, as well as attaching Twitter/Facebook accounts to existing user accounts (for folks who registered for the site before I rolled out these new features, so they can sign in to their existing accounts with Twitter/Facebook).

    Now I'd like to add Timeline integration for users who've connected a Facebook account. I'd like to make this an additional opt-in for folks with connected Facebook accounts, rather than part of the base set of permissions my app requires (which is currently actually none).

    So I'm wondering what is a good way to handle this? I need to send the user to Facebook to have them grant my app an additional permission. I also want to track locally what permissions they have enabled (specifically just "publish_actions" for now).

    I think I am mostly looking for a way to use the ConnectController and in that process somewhere determine that the user is just coming back from granting an additional permission on Facebook (and not coming back from initially authorizing my app).

    Any thoughts or suggestions would be greatly appreciated.
    Last edited by sdouglass; Apr 15th, 2012, 01:39 AM.

  • #2
    Interestingly enough, this is something I've been thinking a lot about lately. I recognize that Spring Social doesn't clearly define (either in code or with any guidance) on how to "up" the permissions for a user. And I'd like to fix that. Honestly, although I've been thinking about it, I haven't had opportunity to try anything yet. It's also the subject of

    My initial thought is that you'd need to go through the connection flow again, only with a new set of scopes. Can you do this by triggering the connection flow on ConnectController again? Probably, but you'd probably run into trouble at the end when it tries to create that connection again.

    Of course, you could always do it manually, without Spring Social's help. The upgrade permissions flow is simpler than the connection flow in that you simply redirect to Facebook (or whatever provider) with the new scope and then handle the callback. The access token should be the same as before (at least this is the case with Facebook...unsure about other providers), so there's no need to do anything with the callback other than have an endpoint to handle it. I still think that it'd be nice if ConnectController or some other controller provided this more seamlessly for Spring Social.

    I realize that's not a definitive answer, but it is a good starting point for discussion on this topic. I'll keep thinking about it and may even run a few experiments in the next few days to see what I can come up with.

    As for tracking what permissions have been enabled, you can do this for Facebook with UserOperations.getUserPermissions(). I'd recommend that you avoid keeping your own local DB of permissions, as the user can always go into Facebook and turn off individual permissions, making your local list of permissions invalid. For performance reasons, you could keep a local cache of permissions, but I'd make a point of sync'ing your local list up with what getUserPermissions() says often to avoid having a local list that's incorrect.