Facebook Graph API Changes
As of August 1, 2018, Facebook has changed the Facebook Graph API permissions and fields that can be requested. Auth0 has updated Facebook Connections to reflect these changes and modified the connection interface for clarity. See Facebook Login Changelog: Recent Changes to Facebook Login for complete details and key dates.
Features affected
The update may not require changes to your code or configuration, but your application might receive additional profile data if the existing permissions allow it. Keep in mind that:
If your Facebook connection is configured to request one of the removed permissions, your Access Token will not get them in scope.
If your Facebook application is marked as "development" then you may still see an error temporarily while trying the connection.
If you add new permissions to the connection, end users will be prompted for consent next time they log in. See the Facebook documentation for how to handle actions for users that don't have a specific permission.
Facebook login permissions
Facebook Login permissions are requested by your application when a user logs in using Facebook. If the user is logging in for the first time or if the permissions have changed, they will be shown a consent window in Facebook showing the new permissions requested. Once those permissions are granted, your application can then act on behalf of that user with a Facebook access token.
The Facebook Connection interface has been updated to show both the regular name as well as the machine name for all permissions displayed. This makes it easier to find the permissions you need and map that to any code you might be running using these permission names.
Permissions added
The following permissions were added to the Facebook connection interface:
business_management
groups_access_member_info
leads_retrieval
pages_manage_instant_articles
publish_to_groups
publish_to_groups
user_age_range
user_gender
user_link
Permissions removed
The following permissions were removed from the Facebook connection interface:
read_custom_friendlists
rsvp_event
user_about_me
user_actions-books
user_actions-fitness
user_actions-music
user_actions-news
user_actions-video
user_education_history
user_games_activity
user_relationship_details
user_relationships
user_religion_politics
user_website
user_work_history
Permissions moved to deprecated
The following permissions were moved to the Deprecated section and should not be used with the latest version of the Graph API:
publish_actions
user_managed_groups
Facebook Graph API fields
The Facebook Graph API is used after a user logs in to retrieve profile data for the Auth0 user. The user data permissions requested determine what information is retrieved from the Graph API. The fields that are returned depend on the permissions requested and the existence of those fields in the Facebook user profile.
This change upgraded the Graph API from v2.8 to v3.2 and will ask for the following user data fields on login:
address (added)
age_range
birthday
context
cover
currency (added)
devices
email
favorite_athletes
favorite_teams
first_name
gender
hometown
id
inspirational_people
install_type (added)
installed
is_verified
languages
last_name
link
locale
location
meeting_for (added)
middle_name
name
name_format
picture
public_key (added)
quotes
security_settings (added)
short_name (added)
significant_other
sports (added)
third_party_id
timezone
updated_time
verified
video_upload_limits (added)
viewer_can_send_gift (added)