Permissions in Limited Login
Developers offering Limited Login to log in to their apps can request the following permissions from users during login. Note that not all permissions are available between Facebook App Types and often require App Review before they can be used outside of development mode.
See the following sections:
Available Permissions
| Permission | Description | iOS SDK Release Version | Unity SDK Release Version |
|---|---|---|---|
| Requests basic details about the user, including their User ID, Name, and Profile Picture. | 9.0.0 | 9.0.0 |
| Requests the user’s email address indicated on their Facebook profile. | 9.0.0 | 9.0.0 |
| Requests basic Gaming Profile details for the user, including their User ID and Avatar Name. Note: This permission is used in place of the | 9.0.0 | 9.0.0 |
| User's first name and profile picture. | 9.0.0 | 9.0.0 |
| Requests the user’s age range, indicated on their Facebook profile. | 9.2.0 | 9.1.0 |
| Requests the user’s birthday, indicated on their Facebook profile. | 9.2.0 | 9.1.0 |
| Requests the user’s list of friends that have installed the app and granted access to the user_friends permission. | 9.2.0 | 9.1.0 |
| Allows your app to read a person's gender as listed in their Facebook profile. | 11.0.0 | 11.0.0 |
| Allows your app to read a person's hometown location from their Facebook profile. | 11.0.0 | 11.0.0 |
| Allows your app to access the Facebook profile URL of a person using your app. | 11.0.0 | 11.0.0 |
| Allows your app to read the city name as listed in the location field of a person's Facebook profile. | 11.0.0 | 11.0.0 |
| Allows a business to contact a person via Messenger upon their approval or initiation of a chat thread with the business's Page. | 11.0.0 | 11.0.0 |
Key Considerations for user_friends with Limited Login
Limited Login ASIDs
When you use Limited Login to request user_friends from a user, we will provide you with a list of app scoped IDs (ASIDs) associated with the friends of the authorizing user, if the friends have also granted your app the user_friends permission. Depending on how you have implemented Limited Login, some of the ASIDs on this list may represent other users that have connected to your app using Limited Login. To ensure that Limited Login safeguards are maintained for such users, do not make Graph API calls using their ASIDs. Instead, continue to rely on Limited Login for these users.
Visibility of user_friends
In both Classic and Limited Login, the user_friends permission provides access to a list of the user’s friends who have also installed the app and granted the user_friends permission. This means that when receiving the list of a user’s friends during authentication for the first time, it will include their friends who are existing users of your app. However those friends would not have had the authenticating user on their friends lists because that user had not yet installed your app and granted the user_friends permission.
An example of this is as follows:
- User A and User B are Facebook Friends who do not use the developer’s app.
- User A logs into and grants access to the
user_friendspermission to a developer’s application. - User B will not be on User A’s friend list returned by Facebook Login. This is because User B has not granted the application the
user_friendspermission. - User B logs into and grants access to the
user_friendspermission to the same application. - User A will be on User B’s friend list returned by Facebook Login because User A is an existing user of the app that had previously granted
user_friendspermission.