During basic login, your app receives access to a person's public profile. To access additional profile information or to publish content to Facebook on their behalf, you need to request additional permissions. See Permissions with Facebook Login.
Your app should manage permissions as follows:
Graph API Requests - Before you send Graph API requests, you should check for necessary permissions and request them if needed.
Missing and Revoked Permissions - Your app needs to handle missing or revoked permission errors from Facebook, for example by asking for the permissions and retrying. See Error-Handling, iOS SDK.
Timing Requests - You will get better conversion if you ask for permissions only when they are needed and provide functionality without requiring all permissions.
To ask for permissions on login with FBSDKLoginButton, set the permissions property:

    let loginButton = FBLoginButton()
    loginButton.permissions = ["public_profile", "email"]

If you're using a custom login button instead of FBSDKLoginButton, you can use a LoginManager to perform the login:

    override func viewDidLoad() {
        super.viewDidLoad()
        // ...
        loginButton.addTarget(self, action: #selector(loginButtonClicked), for: .touchUpInside)
    }

    @objc func loginButtonClicked() {
        let loginManager = LoginManager()
        loginManager.logIn(permissions: ["email"], from: self) { result, error in
            // Process result or error
        }
    }

You should check for the availability of an existing token before you call the loginManager. See Facebook Login for iOS.
To check for current permissions, inspect the FBSDKAccessToken.

    if ([[FBSDKAccessToken currentAccessToken] hasGranted:@"email"]) {
        // TODO: use the email permission.
    } else {
        FBSDKLoginManager *loginManager = [[FBSDKLoginManager alloc] init];
        // "email" is a read permission, so it is requested with the read-permissions call.
        [loginManager logInWithReadPermissions:@[@"email"]
                            fromViewController:self
                                       handler:^(FBSDKLoginManagerLoginResult *result, NSError *error) {
            // TODO: process error or result.
        }];
    }

Inspect the FBSDKLoginResult returned to the FBSDKLoginManager callback or to the FBSDKLoginButton delegate to see if someone declined a request for permissions:

    FBSDKLoginManager *loginManager = [[FBSDKLoginManager alloc] init];
    // "email" is a read permission, so it is requested with the read-permissions call.
    [loginManager logInWithReadPermissions:@[@"email"]
                        fromViewController:self
                                   handler:^(FBSDKLoginManagerLoginResult *result, NSError *error) {
        if ([result.declinedPermissions containsObject:@"email"]) {
            // TODO: do not request permissions again immediately. Consider providing a NUX
            // describing why the app wants this permission.
        } else {
            // ...
        }
    }];

When you make Graph API requests, you can check the NSError object to see if there are permission errors:

    [[[FBSDKGraphRequest alloc] initWithGraphPath:@"me/feed"
                                       parameters:@{ @"message" : @"This is a status update" }
                                       HTTPMethod:@"POST"]
        startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection, id result, NSError *error) {
            // Graph error code 200 indicates a permission error.
            if ([error.userInfo[FBSDKGraphRequestErrorGraphErrorCode] isEqual:@200]) {
                NSLog(@"permission error");
            }
        }];

For more information, see Error-Handling, iOS SDK.
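The check, request, declined-permission and error-retry steps above, combined into one flow. This is an added example, not Facebook's code: EmailFetcher and its methods are hypothetical names, and it assumes the same SDK generation as the Objective-C snippets on this page plus the SDK's logInWithReadPermissions: call, because email is a read permission.

```objective-c
// Added example: EmailFetcher is a hypothetical helper, not SDK or page code.
#import <UIKit/UIKit.h>
#import <FBSDKCoreKit/FBSDKCoreKit.h>
#import <FBSDKLoginKit/FBSDKLoginKit.h>

typedef void (^EmailDone)(NSString *email, NSError *error);

@interface EmailFetcher : NSObject
+ (void)fetchFrom:(UIViewController *)vc mayPrompt:(BOOL)mayPrompt done:(EmailDone)done;
@end

@implementation EmailFetcher

// Ask for "email" once, then retry the fetch with prompting disabled.
+ (void)promptFrom:(UIViewController *)vc done:(EmailDone)done {
  FBSDKLoginManager *manager = [[FBSDKLoginManager alloc] init];
  // Assumption: read-permission login call, since "email" is a read permission.
  [manager logInWithReadPermissions:@[@"email"] fromViewController:vc
      handler:^(FBSDKLoginManagerLoginResult *result, NSError *error) {
    if (error || result.isCancelled ||
        [result.declinedPermissions containsObject:@"email"]) {
      done(nil, error);  // Declined or cancelled: do not ask again right away.
    } else {
      [self fetchFrom:vc mayPrompt:NO done:done];
    }
  }];
}

+ (void)fetchFrom:(UIViewController *)vc mayPrompt:(BOOL)mayPrompt done:(EmailDone)done {
  // Check the cached token first so the person is only prompted when needed.
  if (![[FBSDKAccessToken currentAccessToken] hasGranted:@"email"]) {
    if (mayPrompt) { [self promptFrom:vc done:done]; } else { done(nil, nil); }
    return;
  }
  [[[FBSDKGraphRequest alloc] initWithGraphPath:@"me"
      parameters:@{ @"fields" : @"email" } HTTPMethod:@"GET"]
      startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection,
                                   id result, NSError *error) {
    BOOL revoked =
        [error.userInfo[FBSDKGraphRequestErrorGraphErrorCode] isEqual:@200];
    if (revoked && mayPrompt) {
      // The cached token was stale: the permission was revoked on Facebook.
      [self promptFrom:vc done:done];
    } else {
      done(error ? nil : result[@"email"], error);
    }
  }];
}
@end
```

Call fetchFrom:mayPrompt:done: with mayPrompt set to YES from the feature that needs the address; the person sees at most one permission dialog per call.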
Use FBSDKLoginManager to request additional permissions or to re-request previously declined permissions using the logInWith*: methods. FBSDKLoginManager detects that it is a re-request from the availability of [FBSDKAccessToken currentAccessToken].
You can enable someone to remove or revoke specific permissions previously granted to your app. For example, your app can have a settings page where people can disable specific features.
Revoke permissions by making a call to a Graph API endpoint.

    [[[FBSDKGraphRequest alloc] initWithGraphPath:@"me/permissions/email"
                                       parameters:nil
                                       HTTPMethod:@"DELETE"]
        startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection, id result, NSError *error) {
            // ...
        }];

You can revoke all privileges for an app by making a Graph API call that deletes all permissions. Use the code in Revoke Permissions and change the request's path to /me/permissions.
For testing purposes, you may want to unauthorize your app or revoke permissions without using your app. You can use the Graph API Explorer to do so.
To unauthorize the app:
Click Get Token > Get Access Token.
Click Clear to unauthorize the selected app.
To revoke a single permission:
Set the path to /me/permissions/{permission-name}, using the permission you want to remove for {permission-name}, for example email.
Change the method from GET to DELETE.
Click the Submit button.