Facebook permissions in Auth0 dashboard seem to be out of date

Hi! I’m trying to use Facebook authentication to manage Facebook pages on behalf of users.

The issue that I’m running into is that Facebook recently deprecated manage_pages and publish_pages permissions and replaced them with six other permissions (https://developers.facebook.com/docs/permissions/reference/manage_pages/). But the settings for Facebook social connection don’t have these new permissions (e.g. the pages_manage_metadata in particular, which is used to manage page details and content). Selecting manage_pages or publish_pages permissions result in an error when logging in: Invalid Scopes: manage_pages, publish_pages.

Is there a plan to update permissions in Auth0 dashboard to reflect the currently available Facebook permissions?
If not, is there a way work around this, e.g. to manually pass the desired scopes when authenticating users via the Facebook connection (in particular using the Universal login or React SDK)?

1 Like

Hi @lena,

Welcome to the Community!

Thank you for posting this. Our Engineering team has this as a task in their work log.

In the meantime, there is a workaround you could do to configure these new scopes for your Facebook Connection.

You can patch in the pages_manage_metadata permission using the Management API - https://auth0.com/docs/api/management/v2#!/Connections/patch_connections_by_id

You can find your Facebook connection’s ID by using the get all connections endpoint: https://auth0.com/docs/api/management/v2#!/Connections/get_connections

Note: Changes to the ‘options’ object in the JSON will overwrite all the existing options.

Here is an example body for the request to the update a connection request ("pages_manage_metadata":true is at the bottom):

{"options": {
    "email": false,
    "scope": "public_profile",
    "ads_read": false,
    "client_id": "<YOUR_CLIENT_ID>",
    "user_link": false,
    "user_likes": false,
    "user_posts": false,
    "read_stream": false,
    "user_events": false,
    "user_gender": false,
    "user_groups": false,
    "user_photos": false,
    "user_status": false,
    "user_videos": false,
    "manage_pages": false,
    "read_mailbox": false,
    "user_friends": false,
    "client_secret": "<YOUR_CLIENT_SECRET>",
    "publish_pages": false,
    "publish_video": false,
    "read_insights": false,
    "user_birthday": false,
    "user_hometown": false,
    "user_location": false,
    "ads_management": false,
    "public_profile": true,
    "user_age_range": false,
    "leads_retrieval": false,
    "pages_messaging": false,
    "pages_show_list": false,
    "publish_actions": false,
    "pages_manage_cta": false,
    "publish_to_groups": false,
    "user_tagged_places": false,
    "business_management": false,
    "read_page_mailboxes": false,
    "user_managed_groups": false,
    "manage_notifications": false,
    "groups_access_member_info": false,
    "allow_context_profile_field": false,
    "pages_messaging_phone_number": false,
    "pages_manage_instant_articles": false,
    "pages_messaging_subscriptions": false,
    "read_audience_network_insights": false,
    "pages_manage_metadata":true
  }
}
3 Likes

Hi, Stephanie!

Thank you for the quick reply! I tried it and it works great. Is there a similar work around I can use for adding scopes to Google social connection (that are not available to choose in the Dashboard)? E.g. the scope I need for Google is https://www.googleapis.com/auth/business.manage, but I can’t add it to options as is, it looks like for Google the scopes in options are shorthand versions. Is there one for this particular scope? I also tried adding the extra scope to options.scope directly, but it appears to be ignored.

And in general, is there a documentation of what can be patched in options for a particular connection type? The documentation for the connection patch endpoint just says options: The connection's options (depend on the connection strategy)

Thanks!

1 Like

I think I found the workaround. I added upstream_params to connection’s options, and that seemed to do the trick:

upstream_params: {
  scope: {
    value: 'email profile https://www.googleapis.com/auth/business.manage'
  }
}
1 Like

Glad that is working for you! Yes, here is an FAQ with more details on the different ways to pass additional params to the identity provider:

1 Like