Facebook permissions in Auth0 dashboard seem to be out of date

lena · January 8, 2021, 4:02pm

Hi! I’m trying to use Facebook authentication to manage Facebook pages on behalf of users.

The issue that I’m running into is that Facebook recently deprecated manage_pages and publish_pages permissions and replaced them with six other permissions (manage_pages - Graph API - Documentation - Meta for Developers). But the settings for Facebook social connection don’t have these new permissions (e.g. the pages_manage_metadata in particular, which is used to manage page details and content). Selecting manage_pages or publish_pages permissions result in an error when logging in: Invalid Scopes: manage_pages, publish_pages.

Is there a plan to update permissions in Auth0 dashboard to reflect the currently available Facebook permissions?
If not, is there a way work around this, e.g. to manually pass the desired scopes when authenticating users via the Facebook connection (in particular using the Universal login or React SDK)?

stephanie.chamblee · January 8, 2021, 6:34pm

Hi @lena,

Welcome to the Community!

Thank you for posting this. Our Engineering team has this as a task in their work log.

In the meantime, there is a workaround you could do to configure these new scopes for your Facebook Connection.

You can patch in the pages_manage_metadata permission using the Management API - Auth0 Management API v2

You can find your Facebook connection’s ID by using the get all connections endpoint: Auth0 Management API v2

Note: Changes to the ‘options’ object in the JSON will overwrite all the existing options.

Here is an example body for the request to the update a connection request ("pages_manage_metadata":true is at the bottom):

{"options": {
    "email": false,
    "scope": "public_profile",
    "ads_read": false,
    "client_id": "<YOUR_CLIENT_ID>",
    "user_link": false,
    "user_likes": false,
    "user_posts": false,
    "read_stream": false,
    "user_events": false,
    "user_gender": false,
    "user_groups": false,
    "user_photos": false,
    "user_status": false,
    "user_videos": false,
    "manage_pages": false,
    "read_mailbox": false,
    "user_friends": false,
    "client_secret": "<YOUR_CLIENT_SECRET>",
    "publish_pages": false,
    "publish_video": false,
    "read_insights": false,
    "user_birthday": false,
    "user_hometown": false,
    "user_location": false,
    "ads_management": false,
    "public_profile": true,
    "user_age_range": false,
    "leads_retrieval": false,
    "pages_messaging": false,
    "pages_show_list": false,
    "publish_actions": false,
    "pages_manage_cta": false,
    "publish_to_groups": false,
    "user_tagged_places": false,
    "business_management": false,
    "read_page_mailboxes": false,
    "user_managed_groups": false,
    "manage_notifications": false,
    "groups_access_member_info": false,
    "allow_context_profile_field": false,
    "pages_messaging_phone_number": false,
    "pages_manage_instant_articles": false,
    "pages_messaging_subscriptions": false,
    "read_audience_network_insights": false,
    "pages_manage_metadata":true
  }
}

lena · January 14, 2021, 4:55pm

Hi, Stephanie!

Thank you for the quick reply! I tried it and it works great. Is there a similar work around I can use for adding scopes to Google social connection (that are not available to choose in the Dashboard)? E.g. the scope I need for Google is https://www.googleapis.com/auth/business.manage, but I can’t add it to options as is, it looks like for Google the scopes in options are shorthand versions. Is there one for this particular scope? I also tried adding the extra scope to options.scope directly, but it appears to be ignored.

And in general, is there a documentation of what can be patched in options for a particular connection type? The documentation for the connection patch endpoint just says options: The connection's options (depend on the connection strategy)

Thanks!

lena · January 14, 2021, 5:17pm

I think I found the workaround. I added upstream_params to connection’s options, and that seemed to do the trick:

upstream_params: {
  scope: {
    value: 'email profile https://www.googleapis.com/auth/business.manage'
  }
}

stephanie.chamblee · January 14, 2021, 6:02pm

Glad that is working for you! Yes, here is an FAQ with more details on the different ways to pass additional params to the identity provider:

system · January 29, 2021, 6:02pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.