How can I specifiy what access I need from my user

2020-06-04 09:10发布

When you use OmniAuth to login to a web app through Facebook, these are the permissions the webapp has:

Access my basic information Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.

Send me email WebApp may email me directly at

Access my data any time WebApp may access my data when I'm not using the application

Whereas when you use the mini_fb gem to link a web app to Facebook, these are the permissions (have to specify this as code otherwise formatting was weird):

Access my basic information
Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.

Send me email
WebApp may email me directly at ·

Access my profile information
Likes, Music, TV, Movies, Books, Quotes, About Me, Activitie...s, Interests, Groups, Events, Notes, Birthday, Hometown, Current City, Website, Religious and Political Views, Education History, Work History and Facebook StatusSee More

Online Presence

Access my family & relationships
Family Members and Relationship Status

Access my photos and videos
Photos Uploaded by Me, Videos Uploaded by Me and Photos and Videos of Me

Access my friends' information
Birthdays, Religious and Political Views, Family Members and... Relationship Statuses, Hometowns, Current Cities, Likes, Music, TV, Movies, Books, Quotes, Activities, Interests, Education History, Work History, Online Presence, Websites, Groups, Events, Notes, Photos, Videos, Photos and Videos of Them, 'About Me' Details and Facebook StatusesSee More

Post to my Wall
WebApp may post status messages, notes, photos, and videos to my Wall

Access messages in my inbox

Access posts in my News Feed

Access my data any time
WebApp may access my data when I'm not using the application

Access Facebook Chat

Send me SMS messages
WebApp may send SMS messages to my phone:

Manage my events
WebApp may create and RSVP to events on my behalf

Access my custom friend lists

Access my friend requests

WebApp may access Insights data for my pages and applications

Manage my advertisements

I'm using OmniAuth at the moment, and would like to keep doing so, but my app needs more permissions, like some of the extra ones that mini_fb has. Does anyone know how I can customize OmniAuth to request extra permissions?

2楼-- · 2020-06-04 09:30

You can check on option using the :scope attribute:

use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access, your,scope,you,want'}

Check the Facebook permissions documentation what scope you really want and define it separate by a commant on :scope option.

If you use an initializer to define your OamniOauth, it's like that:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => 'email,offline_access, your,scope,you,want'}
3楼-- · 2020-06-04 09:33

If you are using devise (like me) the easiest solution is to have both 'devise' and 'omniauth-facebook' in your Gemfile. Then in your devise initializer you can just add:

config.omniauth :facebook, "app", "secret", :scope => "user_photos"

This does the trick pretty well. Adding the omniauth initializer with devise set-up

登录 后发表回答