Search code examples
facebookfacebook-graph-apifacebook-ios-sdk

Revoking permissions in Facebook iOS SDK v4.x not updating currentAccessToken permissions

In my app, I want to revoke Facebook's publish_actions permission using v4.x of Facebook's iOS SDK. (I'm using FBSDKCoreKit, FBSDKLoginKit, and FBSDKShareKit as pods on version 4.5.1.) It's working sort of as I would expect - it returns as successful and when I use the Graph API Explorer to get my permissions afterwards, it shows that publish_actions is declined. However, if I check permissions on the FBSDKAccessToken locally after doing so, it doesn't say publish_actions have been declined. I assume that's because FBSDKAccessToken is cached. Since I didn't see in the docs that updating it was required, I assume I missed something or am just doing something wrong. So I wonder if anyone has encountered this and has a fix for it.

The code I'm using to revoke the permission is below:

request = FBSDKGraphRequest.alloc.initWithGraphPath("me/permissions/publish_actions",
                  parameters: {"fields" => ""},
                  tokenString: FBSDKAccessToken.currentAccessToken.tokenString,
                  version: nil,
                  HTTPMethod: "DELETE")
connection = FBSDKGraphRequestConnection.new

connection.addRequest(request, completionHandler: lambda {|connection, result, error|
  if !error && result["success"] == true
    # Revoking the permission worked
  else
    # Things went wrong
  end
})
connection.start
Solution

  • I figured this out. I thought FBSDKAccessToken's refreshCurrentAccessToken triggered another re-auth but it doesn't. So simply calling that after revoking permissions will refresh the permissions state. Just like the docs say! Here's my full method:

    request = FBSDKGraphRequest.alloc.initWithGraphPath("me/permissions/publish_actions",
                  parameters: {"fields" => ""},
                  tokenString: FBSDKAccessToken.currentAccessToken.tokenString,
                  version: nil,
                  HTTPMethod: "DELETE")
connection = FBSDKGraphRequestConnection.new

connection.addRequest(request, completionHandler: lambda {|connection, result, error|
  if !error && result["success"] == true
    # if revoke is successful, refresh permissions cache so
    # FBSDKAccessToken no longer says publish_actions is enabled
    FBSDKAccessToken.refreshCurrentAccessToken(lambda {|connection, result, error|
      # FBSDKAccessToken permission state is up to date
      alertTitle = "Permission successfully revoked";
      alertText = "This app will no longer post to Facebook on your behalf."
    })
  else
    alert("There was an error", error.description)
  end
})
connection.start