I’m running into a situation where requesting a list of permissions that a user has granted to a canvas application intermittently returns an empty array.
The graph request would look something like this:
    https://graph.facebook.com/[uid]?access_token=[token]&fields=permissions
Typically, a normal response would look something like this:
    "permissions": {
      "data": [
        {
          "installed": 1,
          "email": 1,
          "bookmarked": 1,
          "publish_actions": 1
        }
      ]
    }
Occasionally though the response looks like this:
    "permissions": {
      "data": [
      ]
    }
The code equates this situation to the user having not granted any permissions and restarts the auth flow. The problem appears to be intermittent, because the users eventually make their way into the application, and if I manually retry some of the failed requests I find in logs, the permissions are returned as expected.
Looking at the User API docs (http://developers.facebook.com/docs/reference/api/user/), it looks like permissions that are not granted are excluded. It’s not clear from the documentation what happens when no permissions are granted. One would assume an empty map, which would render a response something like:
    "data": [
      {
      }
    ]
However, even if the response is an empty array, the point in the code where this request is made should not be reachable without accepting at least some permissions.
This leaves me with a few questions that I’m hoping someone with relevant knowledge can answer:
- Are there any circumstances under which the permissions granted by the user to the application are not available via the Graph API?
- Are there any circumstances under which a canvas application can be authorized by the user without granting any permissions? (cancelling the auth dialog results in a request with additional query string params, which is handled differently)
- Are there any circumstances under which a user can revoke initially-granted permissions without de-authorizing the application?
Edit:
Based on the discussion below I would like to clarify that my app requires the email permission, which does not appear to be revocable. The app has always required the email permission, so there shouldn’t be a case of an older install without that permission.
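An added example, not part of the original question: one way to keep the three response shapes discussed above apart, so that an empty `data` array is retried instead of being read as "no permissions granted". The verdict names, the `fetch` callable, the retry count and the reading of an empty map as "nothing granted" (the question's own guess) are assumptions.

```python
import json

REQUIRED = {"email"}  # the question states the app requires the email permission

# Constructed sample bodies: the question's fragments wrapped in an enclosing object.
SAMPLE_NORMAL = ('{"permissions": {"data": [{"installed": 1, "email": 1, '
                 '"bookmarked": 1, "publish_actions": 1}]}}')
SAMPLE_EMPTY_ARRAY = '{"permissions": {"data": []}}'
SAMPLE_EMPTY_MAP = '{"permissions": {"data": [{}]}}'


def classify(body, required=REQUIRED):
    """Return 'ok', 'missing' or 'indeterminate' for one response body."""
    try:
        data = json.loads(body)["permissions"]["data"]
    except (ValueError, KeyError, TypeError):
        return "indeterminate"  # not the expected shape at all
    if not isinstance(data, list) or not data or not isinstance(data[0], dict):
        # "data": [] carries no permission record, so it says nothing about
        # what was granted; it is not the same thing as an empty map.
        return "indeterminate"
    granted = {name for name, value in data[0].items() if value == 1}
    return "ok" if required <= granted else "missing"


def check_permissions(fetch, attempts=3):
    """Call fetch() (hypothetical: returns the raw response body) up to `attempts` times.

    Only an indeterminate answer is retried. If it stays indeterminate the
    caller should neither grant access nor restart the auth flow.
    """
    for _ in range(attempts):
        verdict = classify(fetch())
        if verdict != "indeterminate":
            return verdict
    return "indeterminate"


if __name__ == "__main__":
    replies = iter([SAMPLE_EMPTY_ARRAY, SAMPLE_NORMAL])  # constructed sequence
    print(check_permissions(lambda: next(replies)))
```

Logging each indeterminate verdict with the request time gives a record of how often the empty array occurs, separate from real cases of a missing permission.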
1 Answer