I want to trigger a Facebook login and I am accessing this URL:
https://www.facebook.com/dialog/oauth?client_id=398192236928167&scope=user_photos&response_type=token&redirect_uri=http://www.useralbum.com/callback.html
I am specifying scope=user_photos but the permission popup says:
App_name would like to access your public profile, friend list and photos
and it used to just say
would like to access your photos.
What am I doing wrong?
You are doing nothing wrong, the message
App_name would like to access your public profile, friend list
appears along with your permission because Facebook adds the basic Public Profile and Friend List permission to all the apps as a default, even if you are not asking for any permissions. And you cannot stop Facebook from adding these basic permissions so that you may have permission request like
App_name would like to access your photos.
Edit: if you request permission without defining any scope, accept it, then request another one with scope=user_photos, then it will just say App_name would like to access your photos.