Always before start building your application you need to carefully consider the functions and services your application will be delivering to the user and at the same time what information is needed from the user to make a complete user experience. That being said always read over the list of extended permissions Facebook made available for applications’ developers and pick the permissions needed by your application.


Asking for extended permission using Facebook JavaScript SDK

This is really a no-brainer and clearly stated in Facebook Documentation:
UPDATE: If you are using the latest JS-SDK (with OAuth 2) then you need to use the scope parameter:

FB.login(function(response) {
  if (response.authResponse) {
      // user is logged in and granted some permissions.
  } else {
    // User cancelled login or did not fully authorize.
}, {scope:'read_stream,publish_stream,offline_access'});

Using the old OAuth:

FB.login(function(response) {
  if (response.session) {
    if (response.perms) {
      // user is logged in and granted some permissions.
      // perms is a comma separated list of granted permissions
    } else {
      // user is logged in, but did not grant any permissions
  } else {
    // user is not logged in
}, {perms:'read_stream,publish_stream,offline_access'});
Back to top

Asking for extended permission using Facebook PHP-SDK

Now even if this is not mentioned in the Facebook PHP-SDK example file, here’s how to ask for extended permissions:
UPDATE: If you are using the latest PHP-SDK (v3+) then you need to use the scope parameter:

$loginUrl = $facebook->getLoginUrl(array(
    "scope" => "read_stream,publish_stream"

If you still using the 2.x version then use:

$loginUrl = $facebook->getLoginUrl(array(
    "req_perms" => "read_stream,publish_stream"
Back to top

Asking for extended permission when calling the OAuth Dialog request

This is mentioned in the Facebook Authentication document:

This is useful if you are not developing using any SDK or developing a Desktop Application.

Back to top

Asking for extended permission using Facebook Login Plugin

Just like in the documentation, you just need to add the permissions to the perms parameter:

<fb:login-button scope="read_stream,publish_stream"></fb:login-button>
Back to top

Asking for extended permission for a user that has already authorized your application

Even if it seems that the above approaches should only be used once in the work-flow of your application, this is not true. Asking for extra permission from a user who has already authorized your application is done by just using any of the above approaches again!

Let us assume that you added a new feature that allow users to create events from your application but you didn’t ask for the create_event permission. One way of doing this:

<fb:login-button scope="create_event">
	Grant Permissions to create events 

It’s worth mentioning that it’s best to first check if the current user has already granted you the extra permission and remove the extra request. This can be done easily, just follow our tutorial on how to check if a user has granted your application a certain permission.

Back to top


Just like how important you ask for the extended permissions needed by your application, you should not ask for any permission if your application is not going to make use of it (especially publish_stream and offline_access). Quote from a Facebook document:

Depending on your application’s needs, you may need additional permissions from the user. A large number of calls do not require any additional permissions, so you should first make sure you need a permission. This is a good idea because this step potentially adds friction to the user’s process. Another point to remember is that this call can be made even after the user has first connected. So you may want to delay asking for permissions until as late as possible.

Back to top
  • André

    The PHP example isn’t working for me.. Facebook just asks for the basic information even though I have asked for publish_stream and manage_pages. Any tips? 

    • Gerard Nijboer

      Got any update on this? Also got the same problem!

      • Jefferson

        Me too! Not asking permission 🙁

        • Mahendra

          This code is working for those who has created facebook applicaiton and generate the access token using same facebook account but if i login with some other facebook account and generate access token then it not giving permission of manage_pages,publish action to another facebook account token, something wrong? if someone help thanks in advance.

  • André

     I solved this by changing “req_perms” with “scope”, working perfectly now =)

    $loginUrl = $facebook->getLoginUrl(array(      “scope” => “read_stream,publish_stream,manage_pages”));

  • Avnish

    i wanted to know something, suppose i want to publish as my app on all the users’s wall who have liked my app at say.. 10 pm everyday, how will i do it??

    i have read ur tutorials, i know i have to use publish_stream, and fb feed..
    i am not getting where does the timing part comes??can you write a full fledged example for that??
    i have read ur comments at stackoverflow, and know the background, an example will be great help..

  • Sunnyg246

    Thanks it helps me a lot…

  • Mohamed Tair

    Thanks ^^