When I learned I was going to be writing my first Facebook web app, I was pretty excited. Much like the feeling of writing a Hello World! in a new programming language, I knew I was going to expand my skillset. I really enjoy new opportunities to learn and solve problems. In fact, I feel this is a fundamental attribute of being a developer. We code because we want to solve problems. So without further ado, let me share the most important thing I learned while writing my first Facebook app.Hopefully my experience will give someone else a head start in their own future project.
You need to ask Facebook for permission to ask permission from the User.
When you integrate Facebook login into your website, you can include the default permissions which includes public profile and email. After the user logs in, they can approve to give your site this information. If you need more than that, i.e., you want to be able to post to a user’s wall, you will need an extended permission. However, you can’t just include an extended permission on Facebook API, you will have to ask Facebook for permission to include an extended permission in your login.
My assumption is that Facebook checks out your website or app in order to determine why you need an extended permission. If this is in fact the case, I believe it is a good thing because at least we can then assume that Facebook is checking the legitimacy of your app. However, let’s wear a black hat for a second. If you really think about it, this process does not stop a malicious programmer from pretending they have a legit app. Once has Facebook approved the extended permissions, malicious programmers can still change their code and do bad things.
Understanding that time is one of the most important parts of web development, once you finish your website or mobile app don't celebrate too early! There will be a delay after making your project “live.” If you needed an extended permission and Facebook is one of your core functionalities, you will have to wait for Facebook’s approval.
Note: You do not need to do this during development because you will have all necessary extended permissions in your dev app, but once you are ready for production, you will have to submit your application to Facebook for review.