How can I specifiy what access I need from my user's Facebook accounts when using OmniAuth?

Question

When you use OmniAuth to login to a web app through Facebook, these are the permissions the webapp has:

Access my basic information Includes name, profile pictu         


        

Answer 1

You can check on option using the :scope attribute:

use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access, your,scope,you,want'}

Check the Facebook permissions documentation what scope you really want and define it separate by a commant on :scope option.

If you use an initializer to define your OamniOauth, it's like that:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => 'email,offline_access, your,scope,you,want'}
end

Answer 2

If you are using devise (like me) the easiest solution is to have both 'devise' and 'omniauth-facebook' in your Gemfile. Then in your devise initializer you can just add:

config.omniauth :facebook, "app", "secret", :scope => "user_photos"

This does the trick pretty well. Adding the omniauth initializer with devise set-up