Igor Kromin |   Consultant. Coder. Blogger. Tinkerer. Gamer.

A while back I wrote about how to integrate with Facebook and use pre-authenticated tokens to automate posting of Blog posts. This of course required an app to be registered to work. Recently Facebook changed their app permissions model to require reviews for all apps that make use of any but the basic of features.

After this change, every time I logged into the Facebook for Developers page I was presented with an alert informing mw about the review...
fbreview_1.png


However the publish_pages permission was not appearing in the alert message (at least for me). So, I decided to look around. The permissions reference did however talk about requiring app review for apps that were using this permission...
fbreview_4.png


That didn't sit quite right with me because my app was using pre-authenticated tokens and essentially ran as myself all of the time; also it was not really an app in a traditional sense either since its only purpose was to post from my Blog to the Facebook page for the Blog. So this prompted me to check out the access tokens documentation. Here it stated that a review may not be necessary after all!
fbreview_3.png




The page roles help page talked about the various roles that are given to app users. Since I was the Admin, I had permissions to post as the page. I thought I'd verify this by getting a new User Access Token for my app from the Graph Explorer...
fbreview_5.png


The publish_pages permission was automatically selected and there was no way to deselect it.
fbreview_6.png


So since the code that integrated with Facebook always used the user token and then retrieved a page token, it would inherit the right permissions and didn't need to request these permissions on its own. This meant that no app review was required!

-i

A quick disclaimer...

Although I put in a great effort into researching all the topics I cover, mistakes can happen. Use of any information from my blog posts should be at own risk and I do not hold any liability towards any information misuse or damages caused by following any of my posts.

All content and opinions expressed on this Blog are my own and do not represent the opinions of my employer (Oracle). Use of any information contained in this blog post/article is subject to this disclaimer.
Hi! You can search my blog here ⤵
NOTE: (2022) This Blog is no longer maintained and I will not be answering any emails or comments.

I am now focusing on Atari Gamer.