Launching the Improved Auth Dialog
by Matin Movassate - January 18, 2012 at 11:00am

Over the past few months, we’ve been testing and iterating on the new Auth Dialog to incorporate feedback from users, developers and other third parties. By introducing new ways for people learn about an app and giving them more control over their data, we believe this update will benefit both users and developers. Today, we’re making the improved version available and announcing the migration plan for developers.

More Control & Clarity for Users
Similar to the inline privacy controls people have when they post content, we are introducing a new, inline privacy setting that allows a user to control who can see their app activity on Facebook. With this setting, people can share their app activity with as large or small an audience as they'd like.

We have added headline and description areas, so developers can help people can learn about their apps before installing them. There is also a new area of the dialog to let people know when they're installing a Timeline app, which will share their activity in the app on Facebook. As we've previously described, we encourage developers to carefully consider their users' expectations and whether they should build separate in-app privacy controls.

Optional Permissions
It’s important for people to understand how permissions like 'publish_stream' and 'create_events' are used, so we’re moving extended permissions to a second screen, so they’re easier to review, and we’re making them optional for users. With this change, we’re also providing a new area that lets developers explain why they are requesting the optional permissions.

As part of our ongoing efforts to improve privacy protections for Facebook users, we are also deprecating the 'offline_access' permission. Instead, we are providing developers a method to reset the expiration time for valid, existing access tokens when a user interacts with their app.

There are no changes required for most apps, but developers utilizing the 'offline_access' permission will have until May 1, 2012 to update their apps. Learn more about upgrading access tokens.

Authenticated Referrals
Along with the new dialog, we are making Authenticated Referrals available to developers. If you're building a social app, where all of your users are Facebook users, this new product will streamline the authentication process. By enabling the feature, the permissions dialog will be displayed inline when people click any link to your app on Facebook, enabling you to personalize people's experiences the moment they arrive at your app.

Implementation & Required Steps
The new Auth Dialog is starting to rolling out today for web, mobile and desktop apps. You can start using it in your app by enabling the “Enhanced Auth Dialog” setting in the Developer App. When you upgrade to the new dialog, be sure to also provide a compelling, headline and description via the Developer App and verify that your apps don’t break if users deny optional permissions (see tutorial).

On February 1, 2012, all apps will be enabled for the improved dialog, but those that haven’t fully configured their dialog can disable the setting in the Developer App until February 15, at which time it will be turned on for all apps.

We appreciate the feedback we’ve received during the development of the new dialog over the past few months. If you have any questions or any additional thoughts, please post them to the comments below.