Facebook Rights

Tag: facebook Author: abc881208 Date: 2009-08-04

I have started to look into whether it is possible to use Facebook Connect as OpenID for my blog and some other pages. The only thing I am interested in is knowing whether a user is authorized by Facebook and, if so, getting some kind of ID for that person (it does not need to be something that I can link to a person on Facebook myself, but something I can use to ban that person from my blog or to see if it is the same anonymous person that is coming back). Is this possible without having the user accept this?

Allowing XXX access will let it pull your profile information, photos, your friends' info, and other content that it requires to work.

I believe that many people don't want a page to have access to all that stuff, and I am not interested in having access to that stuff. I can of course then ask for this later if I, for example, want to retrieve their names or post on their feeds, but still, is it all or nothing?

I mean, I personally could allow someone to get my ID and name, and maybe allow a page to post something in my feed, if I accept just that and not that the application should have access to all my other somewhat private data.

Best Answer

When someone logs into your site/app with Facebook Connect, Facebook will provide you with their Facebook ID and a session identifier, which you can then utilize for API calls. No other data is provided unless you use the API to request it.

Users, however, have control over their own privacy settings, so they can choose to block personal information from being pulled by your Facebook Connect application. If someone was truly concerned that your app would be pulling their data out, they can change their settings to prevent this.

As a developer, you have to abide by Facebook's terms, which include not storing profile information for more than a temporary period. If you wanted, you could include a privacy statement saying that you're not interested in any profile data and that your app doesn't pull it; you only use Facebook for logins. I'm sure people would appreciate knowing that, but I don't think it's overly important for the success of an application.


I will look into how to get their ID and session identifier without having them accept all that stuff. Since this is for my private blog, I believe that people are concerned with what I (their friend IRL and maybe not on Facebook) can see or not.
Another question: how do I limit an application? I have never used third-party applications since I don't trust them with what they can access. Is it possible to restrict this before allowing the application? If it is afterwards, the damage may already have been done.
Your users don't have to accept anything to be able to log in using Facebook Connect. They are actually informed at log-in time that they are giving your application access to their data. For your second question, your privacy settings can be accessed from the Settings menu at the top right after you log into Facebook. There are controls for Privacy, as well as specific controls for applications.
Thank you for the quick answer. Then I am doing something wrong, because if I run this code:

    $facebook = new Facebook($api_key, $api_secret);
    $facebook->require_login();

then I get redirected to the page where I have to accept all the stuff I quoted in my post.