How can I specifiy what access I need from my user

2020-06-04 09:26发布

问题:

When you use OmniAuth to login to a web app through Facebook, these are the permissions the webapp has:

Access my basic information Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.

Send me email WebApp may email me directly at email@email.com

Access my data any time WebApp may access my data when I'm not using the application

Whereas when you use the mini_fb gem to link a web app to Facebook, these are the permissions (have to specify this as code otherwise formatting was weird):

Access my basic information
Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.

Required
Send me email
WebApp may email me directly at email@email.com ·

Required
Access my profile information
Likes, Music, TV, Movies, Books, Quotes, About Me, Activitie...s, Interests, Groups, Events, Notes, Birthday, Hometown, Current City, Website, Religious and Political Views, Education History, Work History and Facebook StatusSee More

Required
Online Presence

Required
Access my family & relationships
Family Members and Relationship Status

Required
Access my photos and videos
Photos Uploaded by Me, Videos Uploaded by Me and Photos and Videos of Me

Required
Access my friends' information
Birthdays, Religious and Political Views, Family Members and... Relationship Statuses, Hometowns, Current Cities, Likes, Music, TV, Movies, Books, Quotes, Activities, Interests, Education History, Work History, Online Presence, Websites, Groups, Events, Notes, Photos, Videos, Photos and Videos of Them, 'About Me' Details and Facebook StatusesSee More

Required
Post to my Wall
WebApp may post status messages, notes, photos, and videos to my Wall

Access messages in my inbox

Access posts in my News Feed

Access my data any time
WebApp may access my data when I'm not using the application

Access Facebook Chat

Send me SMS messages
WebApp may send SMS messages to my phone:

Manage my events
WebApp may create and RSVP to events on my behalf

Access my custom friend lists

Access my friend requests

Insights
WebApp may access Insights data for my pages and applications

Manage my advertisements

I'm using OmniAuth at the moment, and would like to keep doing so, but my app needs more permissions, like some of the extra ones that mini_fb has. Does anyone know how I can customize OmniAuth to request extra permissions?

回答1:

You can check on option using the :scope attribute:

use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access, your,scope,you,want'}

Check the Facebook permissions documentation what scope you really want and define it separate by a commant on :scope option.

If you use an initializer to define your OamniOauth, it's like that:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => 'email,offline_access, your,scope,you,want'}
end


回答2:

If you are using devise (like me) the easiest solution is to have both 'devise' and 'omniauth-facebook' in your Gemfile. Then in your devise initializer you can just add:

config.omniauth :facebook, "app", "secret", :scope => "user_photos"

This does the trick pretty well. Adding the omniauth initializer with devise set-up