Facebook PHP SDK 4.0 – Re-asking declined permissions

UPDATE:

Facebook PHP SDK now uses getReRequestUrl() method of FacebookRedirectLoginHelper class to generate a URL to rerequest denied permissions from a user.

public string getReRequestUrl(string $redirectUrl, array $scope = [], string $separator = '&')

Read the documentation here.

So I was testing Facebook Login integration on the website www.treasherlocked.com that I have been developing since a while. Permissions like email and user_location were required by the web app. So, it was programmed to re-ask the denied permissions with Login Dialog if a user denies any.

$facebook = new Facebook(APP_ID, APP_SECRET, REDIRECT_URI);
    if ( $facebook->IsAuthenticated() ) {
        // Verify if all of the scopes have been granted
        if ( !$facebook->verifyScopes( unserialize(SCOPES) ) ) {
            header( "Location: " . $facebook->getLoginURL( $facebook->denied_scopes) );
            exit;
        }
        ...
    }

Note: $facebook is a custom class that I built and not a part of Facebook PHP SDK. 

But it wasn’t showing the Login Dialog again when permissions were denied. Instead Facebook was redirecting to Redirect URI, creating a redirect loop. I even asked on Stackoverflow but got no answer. As I was approaching the deadline, I couldn’t afford waiting much and kept on looking for solutions. After hours of googling I landed on a Facebook Login API doc page that actually addresses this issue. All that needs to be done is append a rerequest = true paramater to the login URL’s query string. But this feature was not yet implemented in Facebook PHP SDK 4.0. There was a proposal on GitHub for this feature though. So I took the liberty of forking the project and made a small change in getLoginURL() method’s prototype and definition in FacebookRedirectLoginHelper class. getLoginURL() prototype then looked like

public function getLoginUrl($redirectUrl, $scope = array(), $rerequest = false, $version = null)

I sent a pull request to the project repo which was quickly merged. (Read this article if you want to know how to contribute to an open source project if you aren’t contributing already.)

So, if you need to re-ask declined permissions, all you have to do is pass true to the third parameter. The code on the callback script will look something like the following.

<?php
...
$helper = new FacebookRedirectLoginHelper();

if ($permissions_were_declined) {
    header("Location: " . $helper->getLoginUrl( $redirect_uri, $declined_scopes, true );
    exit;
}
...
?>
 

One thought on “Facebook PHP SDK 4.0 – Re-asking declined permissions

Leave a Reply

Your email address will not be published. Required fields are marked *