Security changes in Facebook API 3.0 and its implications for authentication with GAM

Official Content

In Facebook API 3.0, security improvements have been introduced which require that if Facebook is asked for information that exceeds the user's basic information, an app review has to be made by Facebook.
This begins to apply as of August 1st and must be done before the deadline.

At the GAM level, this does not require changes.
Just keep these considerations in mind as indicated in the Facebook ads (*), as of August 1, 2018:

Apps can access only the username, email address, profile, and picture without the need for an App Review.
All other permissions require review by Facebook. Read here for more information.

Apps that require review are those that request the user's birthday, location, hometown, gender, age range, or link to the profile. Click here for additional information.

From the point of view of the GeneXus user who has GAM Facebook Authentication Type, or GAM Oauth 2.0 Authentication Type using Facebook:

When Facebook Authentication is performed, the GAM does not request by default any of the information required by app review, unless:

  • The developer makes it explicit by placing the scopes in the Additional Scope field of Facebook or the Oauth 2.0 authentication.
  • Using Facebook Authentication Type:
    If at the repository level it is configured that the Birthday or the Gender are required, the GAM automatically includes the corresponding scopes in the HTTP GET to Facebook. In this case, it is necessary to carry out the app review on Facebook.


(*)
Facebook announcement:
App Review required by August 1, 2018 to retain existing permissions and features

The Facebook App Review process and API permissions model have been updated. Learn More.

In order to maintain your current API access, your app will need to be submitted for review by August 1, 2018. If your app is not submitted for review, you will lose access to these permissions and features.

user_friends

user_link

user_gender

user_age_range

The Facebook Platform APIs have been updated with these changes. Please review the FAQ to ensure you request the correct permissions and features with your app review submission.

If access to the permissions and features is approved, the app may need to be associated to a verified business to complete App Review.

Was this page helpful?
What Is This?
Your feedback about this content is important. Let us know what you think.