amastour / socialauth

Automatically exported from code.google.com/p/socialauth
0 stars 0 forks source link

requesting more permissions post login #366

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
So its more of a questions than an issue, but I don't know where to post it, so 
I give it a try here:
I want to the user to give as few permissions as possible when logging in and 
then when he wants to share something, extend the permissions but I don't know 
how to proceed properly.
I tried to catch the permission denied exception(which works fine) and then 
call this method:
{{{
public void permission(SocialAuthManager manage) throws Exception
    {
        SocialAuthConfig conf = new SocialAuthConfig();
        conf.load("oauth_consumer_extended.properties");
        manager.setSocialAuthConfig(conf);
        String authenticationURL = manager.getAuthenticationUrl("facebook", successURL);
        HttpSession session = StaticUtil.getSession();
        session.setAttribute("authManager", manager);
        FacesContext.getCurrentInstance().getExternalContext().redirect(authenticationURL);

    }
}}}

Here I load in a new .properties file which has the required permissions, while 
debugging, I found out, that the authenticationURL is already the 
landingpage(instead of graph.facebook....) which I guess is due to user already 
being logged in. Now: Is this the right approach or is there a much simpler 
possibilty to achieve this?
And if it is, what am I doing wrong?

note, i only use facebook as a provider

thanks in advance, andy help is appreciated

Original issue reported on code.google.com by a.brueni...@gmail.com on 9 Sep 2014 at 12:05

GoogleCodeExporter commented 8 years ago
You cannot ask permission post login. You have to add the required permission 
in properties file as given below:-

#you can set custom permission by using custom_permissions with provider prefix.
graph.facebook.com.custom_permissions = publish_stream,email,user_birthday

so you can add the permissions here but you need to add all the required 
permission. When this file will be loaded then only these permission will be 
used for authorization.

Regards
Tarun

Original comment by tarun.na...@3pillarglobal.com on 6 Oct 2014 at 4:12