I am using python-social-auth to log users in to my we application. Everything works as expected to create user accounts, log them in, etc.
Now I am also requesting the publish_actions permission from the user. When I do this, I see the request step when I try to log in, so I know Facebook is being asked for this permission properly. However, I can't figure out how to discover from the response whether the user approved this permission. I want to store this so that I only expose the right parts of the UI based on the user's choice to allow or deny the permission.
Here's how I request the permission:
SOCIAL_AUTH_FACEBOOK_SCOPE = [ 'email', 'publish_actions' ]
And for extra params I have the following:
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {
'fields': 'id,name,email',
}
I needed to add email to the list to expose the email value returned from FB to my authentication pipeline.
If I try to add publish_actions to this field, the pipeline is interrupted and the authentication is cancelled:
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {
'fields': 'id,name,email,publish_actions', # <-- this causes a failure in auth pipeline
}
Without publish_actions noted as an extra param, I can't see any other data that indicates whether the user approved the permission. How do I discover this?
You can make a request for /me/permissions/ using the user access token, that will show you which permissions the user has granted to your app.
You can also make the login dialog return the granted scopes directly in the direct URL (see parameter return_scopes) – whether or not that can easily be added to the login dialog from within your framework, I don’t know.