[source-facebook-marketing] new Facebook apps unable to upgrade access to necessary permissions and features

[brunopini]

Connector Name

source-facebook-marketing

Connector Version

2.0.0

What step the error happened?

Configuring a new connector

Relevant information

Facebook has changed the way they are dealing with advanced access review processes for certain permissions, such as business_management, ads_read and ads_management.

These permissions, on new Facebook apps, are now being treated as Tech Provider specific:

If you try to request advanced access, this is prompted before you are allowed to continue:

And if you answer no, you are denied the upgraded access:

If you answer yes to any, you are now redirected to an Access Verification process which is specific for companies handling data from other companies - not the case for most users here I would guess (certainly not mine).

I've been in touch with Facebook's support for the past weeks, but they seem as confused as I am. It also concerns me I haven't found any other issues reporting this, although I've tried absolutely everything to fix this and miserably failed.

I still don't understand why the API calls are being flagged as tech provider, and why the "Ads Management Standard Access" alternative permission is not even showing up as being used:

At this point I'm almost trying to develop my own custom Facebook Marketing connector to see if it solves, but I'm opening this issue before trying, so hopefully someone calls me dumb and offers a simpler solution. I'm willing to get my hands dirty, but at this point it's unclear the path to follow.

Relevant log output

No response

Contribute

• [X] Yes, I want to contribute

[raphaccgil]

I am facing a similar problem in my company too.

[brunopini]

Quick and vague update since I see new labels here: I managed to schedule a meeting with a Facebook rep for tomorrow. His last comment on my case is:

They received the Access Verification request because one or more app(s) are currently using some privilege permissions at advanced access level, which triggered AV request. They can find the current permissions for an app through this link: https://developers.facebook.com/apps/{YOUR_APP_ID}/app-review/permissions/ (replace "{YOUR_APP_ID}" with the real app ID) If they are not a Tech Provider, advanced access is not deemed as required, standard access should be enough. They can choose to downgrade the access on their own, or once AV grace period has ended they will be downgraded automatically. No need to submit the AV form or worry about the alerts and deadlines.This should not disrupt the integration, assuming they are admins of all the assets they are trying to manage.Please review the dev doc on Tech Providers: https://developers.facebook.com/docs/development/release/tech-providers/ and access verification: https://developers.facebook.com/docs/development/release/access-verification

This doesn't make sense to me because:

1. I'm still not 100% sure why the "privilege permissions" are being used;
2. I'm getting heavily rate limited without the advanced access.

On the possible reasons for item 1 above, I think it might have something to do with the way the access token is being generated (with user oauth flow delegation and without assigning a role to the user), but so far I've been unsuccessful at solving it (I'm unable to add a role to any users and did not find an alternative working access token flow - I tried using the app's access token directly and a system user's access token, both resulted in errors).

On Thursday I'll update with any new info.