I mentioned at a few points throughout the OAuth 2 Facebook examples that
we would dive deeper into the topic of scopes. You might remember that
we used the
scope parameter in the
URI where the user was forwarded to go through the authorization
//construct Facebook auth URI $auth_url = $authorization_endpoint . "?redirect_uri=" . $callback_url . "&client_id=" . $key . "&scope=email,publish_stream,manage_pages,friends_about_me";
The purpose of the
parameter is to allow an application to request certain social
information from a user.
Some providers bind these scopes directly to the application ID
or key issued when you first create your application instead of
dynamically in the initial OAuth request token request. This means
that they do not require a
parameter in that initial request. Providing the
scope parameter, such as in this Facebook
implementation, allows you to define scopes in a very dynamic
Facebook includes an extensive number of scopes that we can include as a comma-separated list in the authorization request.
Data permissions will allow your application to access information about a user, or a user’s friends (in the form of a friend request), as shown in Table 9-10.
Table 9-10. Data permissions
Enables your application to manage ads and call the Facebook Ads API on the user’s ...