1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 How is Facebook publish_stream permission "Post to Facebook as me" used?

Discussion in 'XenForo Questions and Support' started by Thelo, Jan 29, 2012.

  1. Thelo

    Thelo Member

    I've noticed that when using the Facebook integration login, Xenforo requests the publish_stream Facebook permission (Facebook.php, function getFacebookRequestUrl), which is shown to the user as a request to "Post to Facebook as me: ForumName may post status messages, notes, photos, and videos on my behalf" when they first log in.

    Since requesting this permission looks scary to many spam-wary users, I'd like to know why Xenforo requests this permission, what exactly it does with it, and if there is a safe way to avoid requesting it. According to Facebook (and common sense), there is a strong inverse correlation between the number of permissions requested and the number of people willing to accept them, so if it's not actually useful, I'd like to avoid it.

    The current Xenforo Facebook permission requests are: "email,publish_stream,user_birthday,user_status,user_website,user_location"

    Facebook has this to say on publish_stream:
    Edit: In particular, it doesn't look like publish_stream is necessary for either the Like feature or for logging in through Facebook, so I'm pretty puzzled as to what exactly it does for Xenforo...
  2. Mike

    Mike XenForo Developer Staff Member

    It is not used currently, but there would be plans to allow users to push threads they create back to FB, etc.
    digitalpoint likes this.
  3. Thelo

    Thelo Member

    Alright, in that case I'll edit it out for my own copy of Xenforo, to simplify the FB login flow and make it look less scary for newcomers.

    Thanks for the fast answer!
  4. digitalpoint

    digitalpoint Well-Known Member

    If you edit it out for now, you might run into issues down the road when those features are used in XenForo and you now have users that have linked their Facebook account without the necessary permissions (of course wouldn't matter if you didn't use those functions in the future)... just something to think about.
  5. Thelo

    Thelo Member

    If I understand correctly how Facebook permissions work, if you end up needing some permission later, you can just request it at the time where you actually use it - and Facebook will popup a permission request to those users who haven't granted it yet. So I'm willing to ask for that additional permission later when / if it turns out we need it. ;)
  6. digitalpoint

    digitalpoint Well-Known Member

    Yep... but the mechanism to request additional permissions is probably going to be something you are going to have to code yourself... since XenForo by default already asked for the necessary permissions, I suspect there's not going to be a mechanism to request additional permissions. Of course I could be wrong... but that's how *I* would build it as a developer. Adding additional code/extra step to take into account installations that went in and changed how things work... probably wouldn't be something I would bother with.

    Plus the fact that XenForo is already proactively requesting permissions for something they already know they are going to use in the future is an additional hint that there isn't going to be a built-in "request more permissions" mechanism.
  7. Thelo

    Thelo Member

    Just as a followup, I ended up having to add a new Facebook permission (friends_online_presence) to the list, and the process was very smooth: I simply added it to the permissions string in Facebook.php, and now the next time a Facebook-enabled user logs to the forum, Facebook automatically detects the new permission request and prompts for it once. Once the permission is granted, it stays granted.

    So in the end, I didn't really have to code anything to add a new permission, and our users were minimally impacted. This means that it's pretty safe to remove the publish_stream permission request, even if it's actually used later on.
  8. tmac

    tmac New Member

    Thelo - could you share how you removed the publish_stream permission request? I'd like to do the same. Thanks!
  9. Thelo

    Thelo Member

    The file /library/XenForo/Helper/Facebook.php has this line in it:
    $perms = 'email,publish_stream,user_birthday,user_status,user_website,user_location';
    Just remove ",publish_stream" from that string and you're good to go.
    8thos likes this.
  10. tmac

    tmac New Member

  11. digitalpoint

    digitalpoint Well-Known Member

    Total side note, but I built something to give users the ability (only if they want) to publish certain things to their Facebook wall/stream, so it came in quite handy having the publish_stream permission already enabled.

    Chris D and 8thos like this.
  12. DRE

    DRE Well-Known Member

    Yeah I saw that when I was on your site last week. I'm getting the same thing (status wise) for my own site as well. http://xenforo.com/community/thread...-to-facebook-status-and-twitter-status.35907/
  13. fattony69

    fattony69 Well-Known Member

    I know you don't share many of your addons (and for good reason like you've stated in past posts), but this would be a good one to release.
  14. Chris D

    Chris D XenForo Developer Staff Member

    I've already released the Social Status Updater which does the post to Facebook (and Tweets to Twitter) when you change your Status.

    Obviously digitalpoint's one has some extra features :)
  15. digitalpoint

    digitalpoint Well-Known Member

    There is an addon that already does it somewhere (oops, looks like Chris Deeming already posted it).

    The problem with my setup with the ability to post stuff to Facebook, is the Facebook stuff is just 1 of 6 third party accounts you can link, and the 5 other account types each do something specific to Digital Point for the user. For example people can link their Google Analytics account for various things as shown here: http://adminextra.com/threads/lack-of-development.5780/page-30#post-51534

    So making the Facebook thing I did as an addon just doesn't make much sense because it's a *tiny* part of a much bigger addon that does all sorts of crazy things that are specific to Digital Point.

Share This Page