how to force OAuth dialog to re-prompt the user for permissions even if already given

孤者浪人 提交于 2020-02-20 08:36:16

问题


The facebook OAuth dialog redirects back to the provided redirect_uri without prompt if the user has previously approved access to the application and provided all permissions ...

I want to overwrite that behavior and force the dialog to ask the user again for permissions ...

wonder if this can be done, since the documentation provide no help on whether this is doable or not.


回答1:


I know this is an old post, but I just came across it and since I found the correct answer elsewhere, I thought I'd post it here.

You can send the auth_type=reauthorize.

AFAIK, auth_type has the following options: * reauthorize always has for permissions * rerequest for declined/revoked permissions * reauthenticate always as user to confirm password.




回答2:


As @Igy has already mentioned, you can revoke user access by issues DELETE request to me/permissions endpoint. The rest is simple:

FB.api('me/permissions', 'delete', function (r1) {
    // FB.login relies on FB.getLoginStatus.
    // Force reloading the login status.
    FB.getLoginStatus(function (r2) {
        FB.login(function (r3) {});
    }, true);
});



回答3:


Why would you want to do this? Getting users past the permissions stage is a critical step that often loses you a lot of traffic. When the pop up is shown, is managed completely by Facebook anyway, so it's not possible to ask someone to accept permissions when they have already done it. The only time they would see the request again is if they first revoke the permissions, or if your app increases the level of access being requested.




回答4:


You can call auth.revokeAuthorization. Don't worry that it says the rest api is deprecated as there currently isn't a graph api method for this and I don't think they will remove it until there is one.




回答5:


I haven't used OAuth with facebook API but if I understand your question properly this is one way you can do it:

without prompt if the user has previously approved access

When facebook redirects back the user to your application (redirect_uri), you can see that the authorization grant is missing and by that you can judge that the user did not approve your request.

force the dialog to ask the user again for permissions

Then you can make another request for new token, but with limited token permissions (limited scope access, because obviously the user did not approve your previous scope request) and the user will be asked again to approve your request with the new set of permissions. This is the way I would do it, and I think this is the way that most of the application do it when the user first rejects their request.

  1. You request a lot of user data - the user denies and is redirected back
  2. You request limited user data - the user may approve this time or can reject again
  3. You can repeat this process as long as you don't think your users will be annoyed :)


来源:https://stackoverflow.com/questions/7494005/how-to-force-oauth-dialog-to-re-prompt-the-user-for-permissions-even-if-already

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!