Permissions with Facebook Login

When a person logs into your app via Facebook Login you can access a subset of that person's data stored on Facebook. Permissions are how you ask someone if you can access that data. A person's privacy settings combined with what you ask for will determine what you can access.


Facebook Login Example

Permissions are strings that are passed along with a login request or an API call. Here are two examples of permissions:

  • email - Access to a person's primary email address.
  • user_likes - Access to the list of things a person likes.

For example, if you add the login button to a web app and ask for email and user_likes via the scope parameter, a person would be prompted with this dialog when logging in for the first time:

Your app has requested a person's email address and the things they like, but that request also automatically asks for access to the person's public profile. The full list of permissions, including defaults, is included in this document (see section: Reference).

We provide similar mechanisms for iOS and Android. Links are provided for each platform later in this document.

When to ask for Permissions

Your app can ask for additional permissions at any time, even after a person logs in for the first time. For example, the publish_actions permission lets you post to a person's Facebook Timeline. It's recommended you ask for this permission only when a person is ready to publish a story to Facebook. When you ask for new permissions, the person using your app will be asked about those new permissions and has the ability to opt out. For more information, see Optimizing Permissions Requests.

Permissions only need to be granted once per app, i.e. permissions granted on one platform are effectively granted on all the platforms your app supports.

User Control

Facebook Login allows a person to grant your app only a subset of the permissions you ask for, except for public profile, which is always required. This is available as a separate screen in the login dialog when you ask for permissions:

Your app should handle the case where someone has declined to grant your app one of the permissions you requested.

Revoked Permissions

People can also revoke permissions granted to your app in Facebook's interface at any time after they have logged in. It is important that your app regularly checks which permissions have been granted, especially when launching on a new platform. We provide methods for you to check what permissions are currently granted to your app.
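One way to handle both declined and revoked permissions in a web app is to reconcile what you asked for against what is currently granted, and enable only the features whose permissions are confirmed. The following is an added example, not code from this document or from Facebook's SDK. It assumes the permissions check returns a list of permission/status pairs (the shape used by the Graph API /me/permissions call); the feature names and the sample response are hypothetical and constructed for illustration.

```javascript
// Assumed response shape: { data: [ { permission: "...", status: "granted" | "declined" } ] }

// Sort each requested permission into granted, declined, or missing.
// Anything without an explicit "granted" status is treated as unavailable (fail closed).
function reconcilePermissions(requested, response) {
  const rows = response && Array.isArray(response.data) ? response.data : [];
  const status = new Map();
  for (const row of rows) {
    if (row && typeof row.permission === 'string') {
      status.set(row.permission, row.status);
    }
  }
  const result = { granted: [], declined: [], missing: [] };
  for (const perm of requested) {
    const s = status.get(perm);
    if (s === 'granted') result.granted.push(perm);
    else if (s === 'declined') result.declined.push(perm);
    else result.missing.push(perm); // never requested, revoked, or unknown status
  }
  return result;
}

// Hypothetical map of app features to the permissions each one depends on.
const FEATURE_REQUIRES = {
  emailReceipts: ['email'],
  likeRecommendations: ['user_likes'],
  shareToTimeline: ['publish_actions'],
};

// A feature is enabled only when every permission it needs is currently granted.
function enabledFeatures(reconciled) {
  const ok = new Set(reconciled.granted);
  return Object.keys(FEATURE_REQUIRES).filter((feature) =>
    FEATURE_REQUIRES[feature].every((perm) => ok.has(perm)));
}

// Constructed sample: the person granted email but declined user_likes,
// and publish_actions has not been requested yet.
const SAMPLE_RESPONSE = {
  data: [
    { permission: 'public_profile', status: 'granted' },
    { permission: 'email', status: 'granted' },
    { permission: 'user_likes', status: 'declined' },
  ],
};
```

Run the reconciliation at app start and before any call that depends on a permission, rather than caching the result of the first login.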