Unexpected behavior after removing one permission from our Facebook-connection

After removing “business-management” from required permissions in the Facebook connection, a confirmation dialog started to show up in every login even after confirmation.

1 Like

Hi @iyadshami,

I have not seen this issue previously. Is this an issue with Auth0, or with your facebook settings config?

Let me know,
Dan

1 Like

Thanks for your response,

To understand you better, What do you mean with “Facebook settings”?
our application has been in production for almost 1 year, and we have not faced this behavior until I removed “business-management” permission.

the auth0 login does not redirect to our app, it shows the dialog immediately after pressing login button, so I think this is something related to Auth0.

can you provide me with the steps of how auth0 deals with the changing of Facebook permissions.
and one other thing, I noticed that when the dialog appears, the Facebook SDK version that appears in the URL shows “v2.10” does this have anything to do with the behavior we are facing.

We really appreciate your help, thank you.

Hi @dan.woda,

We are still facing the same behavior, any help will be appreciated.

Hi @iyadshami,

Sorry for the delay.

The Auth0 dashboard leverages the Auth0 management API PATCH api/v2/connections/{id} endpoint to update connections.

Is facebook asking for permission to business management in the prompt? Essentially, is that a required permission that is not being requested from auth0 since you have deactivated it, and it is not having to request access every login.

I searched further and cant find any instances and am unable to reproduce the issue.

I have a few questions.

Can you please DM me a HAR file of the behaviour so I can investigate further?

Also, does the behavior stop if you turn the permission back on?

Thanks,
Dan

1 Like

Unfortunately, I was unable to gather any useful information from the HAR file.

Does the behavior stop if you reactivate the business management permission?

I did more searching but can’t find other users having this issue. To confirm the current behavior: every time a user logs in, the permissions are requested. Previously, users would only have to give permission on the first login?

Let me know.

Thanks,
Dan

The behavior does not stop when I reactivate the business management permission, it shows a message in the prompt that says: “Some of the permissions below have not been approved for use by Facebook.”

Yes the current behavior is exactly as you described it, every time a user logs in, the permissions are requested.

you can try it here:
https://mujeeb.ai

Does “Sync user profile attributes at each login” have anything to do with this problem?
I switched it on and off and nothing changed.

@iyadshami,

I asked for some extra help on this, just waiting to hear back.

Thanks,
Dan

Can you confirm that the permissions requested by facebook match the permissions you have configured in auth0 exactly.

Yes, the permissions requested by facebook match the permissions in auth0 configuration exactly

Are you able to provide more detail about your implementation? What frameworks and libraries you are using? Did you use a quickstart or tutorial? What facebook connection settings are you using? Is this occurring for all users or just one?

What frameworks and libraries you are using?
we are using Vuejs to build our SPA

import auth0 from "auth0-js";
import EventEmitter from "events";
import authConfig from "../configs/auth0.config.json";

const webAuth = new auth0.WebAuth({
  domain: authConfig.domain,
  clientID: authConfig.clientId,
  redirectUri: `${window.location.origin}/callback`,
  audience: "https://mujeeb.ai/api",
  responseType: "token id_token",
  scope: "openid profile email full_access"
});

the auth0 package is: "auth0-js": "^9.11.2"

Did you use a quickstart or tutorial?
yes I used the quickstart for vuejs provided by Auth0

What facebook connection settings are you using?
these are the permissions we used in our connection

Is this occurring for all users or just one?
for all users

Is there any suggestions or any debugging process I can carry out to investigate this behavior?

I got some more feedback on this issue and we have a few strategies to debug.

Here are a few more questions:

  • Are you using auth0 dev keys for the connection? This can cause problems
  • Are you testing the connection through the dashboard? This could also cause permission to always be requested
  • It looks like the read page mailboxes permission is deprecated. Is this causing it?

If none of these fix it, can we get another HAR file. I showed the one you sent previously to a more senior staff member and they said it looks incomplete.

Thanks,
Dan

Are you using auth0 dev keys for the connection?
No

Are you testing the connection through the dashboard?
did you mean trying the connection from the dashboard? if that is true then my answer is No. I am using the JavaScript Nodejs package.

It looks like the read_page_mailboxes permission is deprecated. Is this causing it?
I removed it, however the prompt still appears.

I will send you the HAR file

This has been resolved. The behavior looks like it was occuring because of a facebook configuration.

Feel free to start a new topic if you have any more questions.

Thanks,
Dan

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.