Following on from the template PHP facebook application I described, I want to cover facebook permissions. Specifically, how can you get the authority to write on a user’s wall, or send them email?
The internet, as I am sure you have found out, is awash with a variety of walkthroughs and guides documenting the process. Most of them don’t seem to work though. This isn’t because they are bad. Its because Facebook seem to move the goalposts themselves. The code probably did work when it was posted, but that is no longer the case.
I have no idea of the shelflife of this article, but I do know that on May 1st 2011 it was working fine!
Up until now, we have been using the following line to authorise our applications:
$url = $facebook->getLoginUrl(array('canvas' => 1, 'fbconnect' => 0));
If you use that, you get a screen like the one below when you try and run the application:
However, if your application is authorised like that, and you try to post to a user’s stream, it doesn’t give you an error. Nor does it ask for permission. Instead, it goes into an endless loop.
A search on setting permissions reveals lots of conflicting data, however, the following permission list is useful.
From that list, we can see that the publish_stream permission is what we are after. But how do we apply that to our getLoginUrl line? I tried simply adding “publish_stream=1”, however, that didn’t work. I eventually found some code which showed the correct technique:
$url = $facebook->getLoginUrl(array( 'canvas' => 1, 'fbconnect' => 0, 'req_perms' => 'email,publish_stream,status_update,user_birthday,user_location,user_work_history'));
NB: if you are using PHP SDK Version 3 you will need to use the following instead:
$url = $facebook->getLoginUrl(array( 'scope' => 'email,publish_stream,status_update,user_birthday,user_location,user_work_history' ));
The array can also contain other values too:
$url = $facebook->getLoginUrl(array( 'scope' => 'publish_stream,status_update', 'redirect_uri' => $canvasUrl.'main.php' ));
If you do that, you get the following permissions screen:
So, first you need to decide what permissions you want, then add them to the ‘req_perms’ string.