I am starting development on a Facebook app and noticed a peculiarity while using the MVC4 Facebook App template. The default login flow requests basic public profile info and friends list (as expected), upon granting that permission the user is prompted to
grant the email and photos extended permissions. If granted everything works as expected. However, if the user opts to skip these extended permissions they are simply prompted to grant them again and thus the loop begins.
My understanding is that at this point the user should be redirected to the AuthorizationRedirectPath (by default Home controller > Permissions action) which should then display the permissions required and provide a button to start the request again. The
advantage here is that, in accordance with the Facebook developer login recommendations, where possible, permission requests should be delayed until said permissions are about to be used.
I found the issue in FacebookAuthorizeFilter. On
null is passed through (i.e. no extra permissions are being requested when constructing this login url) to request basic login permissions only. This makes sense, of course. The problem occurs on
is set to false as
doesn't return any
query parameter. This causes the check on
to skip the AuthorizationRedirectPath process and just repeat the previous request with the missing permissions.
I wonder if the Facebook process changed at some point as the current query parameters returned at the point of failure (when the user opts to skip granting the extended permissions) only contain a
and not the expected
Any assistance would be greatly appreciated