问题
This question is similar to How can I specifiy what access I need from my user's Facebook accounts when using OmniAuth? but has a caveat.
I'm using OmniAuth to authorize Facebook users on my website. For regular login/registration, asking the user for standard Facebook permissions are acceptable. But there is a feature on my site that requires extended permissions (access to their Facebook photos). I want to only ask for the extended permissions for users when/if they use our site's Facebook photo feature.
All answers I've found on the web on how to set facebook permissions for omniauth deal with just adding a scope option in your OmniAuth initializer, like so:
ActionController::Dispatcher.middleware.use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access,the,scope,you,want}
But I need to define the scope dynamically, so that only when users use the photo feature they get asked for the photo permissions, but not if they are just logging in or registering for the first time.
Anyone know how to do this? Thanks in advance.
回答1:
You may have figured out a solution to this problem already but I figured I'd chime in for those still looking to solve this. My solution allows you to request as little Facebook permissions as possible up front, and then dynamically request them as your app needs them.
http://www.mikepackdev.com/blog_posts/2-Dynamically-Requesting-Facebook-Permissions-with-OmniAuth
Hope this helps!
回答2:
It looks like they're adding that to Omniauth, but it's still in beta.
You add a
:setup => true
to your provider and then create a method where you dynamically sets the options (credentials/scope) you need.
https://github.com/intridea/omniauth/wiki/Setup-Phase
https://github.com/intridea/omniauth/wiki/Dynamic-Providers
回答3:
I think you can't do that properly. Because you can't be sure your user use only the photo feature. You user can access to all part of you application photo feature and other feature. When the user is logged and switch from your photo feature to other feature, you can't ask it to re-logged. to access this other feature.
All user don't really check what kind of access their authorize, so don't worry about a lot of permission asking.
来源:https://stackoverflow.com/questions/4751756/how-can-i-specify-the-facebook-permissions-aka-scope-omniauth-asks-for-dynamic