Handling Declined Permissions
When people create accounts or log into your app using Facebook Login, they have the opportunity to grant the permissions you request. But people also have an opportunity to decline all permissions except their public profile. People may choose to do this if they feel uncomfortable sharing this information with your app, or they don't understand how that information will be used to enhance their experience.
When people choose to decline permissions, its important your app respects their choice and still provides a great experience for people.
In general, your app may react in one of three ways:
Continue Without the Information
In some cases, a certain requested permission may not be required for your app to function. In this case, the simpliest thing to do is to respect permission decline and continue to lead them into the app.
In the example below, Flick Finder might be able to provide enhanced movie recommendations if it had access to the user_likes permission. But since the person declined that permission, Flick Finder just presents more generic recommendations.
This is the simplest option, and provides a great respectful experience to people who choose to decline certain permissions.
Explain Why and Reprompt
People may decline a permission because they don't understand why your app needs that information. In this case, your app could display a dialog explaining why you need the information and how it'll be used to enhance the experience.
In the example below Flick Finder displays a dialog explaining that with an email address, the app can send you updated when new movies become available. The “Add Email” button takes the person back to the Facebook Login flow where they can grant the email permission.
Note that in this example, the person still has the opportunity not to grant the email permission.
This strategy can be used for permission which is critical or highly desirable for the functionality of your app.
Collect the Information Yourself
Some pieces of information may be simple enough to collect for yourself.
In this example, Flick Finder wants to collect a person's birthday so it can recommend age-appropriate movies. If a person has declined to share their birthday when they logged in with Facebook, Flick Finder can still create a place to collect the information inside the app, separate from the Facebook Login flow. We recommend doing this after a person has had some time to familiarize themselves with your app, so they have a better understanding of how the permission will improve their experience.
Examples of information which might be collected this way includes user_hometown, user_location, user_birthday or even email.
Detecting Declined Permissions
When people decline permissions as part of a Facebook Login flow, we make it easy for your app to detect this and react using one of the strategies outlined above.
Android SDK
On Android, you can call the getDeclinedPermissions method on the AccessToken object in the Facebook SDK for Android.
iOS SDK
On iOS, you can call the [FBSDKAccessToken declinedPermissions] method in the Facebook SDK for iOS.
JavaScript SDK
To detect declined permissions, you can call the permissions edge on the User object of the Graph API. You can collect any declined permissions by iterating through the response:
FB.api('/me/permissions', function(response) {
var declined = [];
for (i = 0; i < response.data.length; i++) {
if (response.data[i].status == 'declined') {
declined.push(response.data[i].permission)
}
}
alert(declined.toString())
});API
To detect declined permissions, you can call the permissions edge on the User object of the Graph API:
GET https://graph.facebook.com/me/permissions?access_token=USER_ACCESS_TOKEN
which yeilds a response of the form:
{ "data": [
{
"permission": "user_birthday",
"status": "granted"
},
{
"permission": "public_profile",
"status": "granted"
},
{
"permission": "email",
"status": "declined"
}
]}This tells your app that the person granted the user_birthday and public_profile permissions, but chose to decline the email permission.
Summary
Elegantly handling declined permissions is an important part of providing a great Facebook Login experience to people.
Implementing one of the above strategies will ensure the people who download and install your app are able to log in without encountering disruptive and frustrating experience which affect your app's reputation and app store rating.