HybridAuth Facebook login error: "Invalid Scopes: offline_access, publish_stream, read_friendlists"

Question

I am using the HybridAuth library with CodeIgniter Bonfire for adding login functionality with Facebook . I added the library and all related required files into Bonfire.

After clicking on the Login with Facebook button, I am redirected to the Facebook authorization page, but Facebook gives this error:

Invalid Scopes: offline_access, publish_stream, read_friendlists. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/facebook-login/permissions..

How can I solve this?

score 8 · Answer 1 · answered Jul 02 '15 at 23:08

To elaborate on @luschn's answer, the permissions which HybridAuth requests from Facebook by default (as of version 2.4.1) are email, user_about_me, user_birthday, user_hometown, user_website, offline_access, read_stream, publish_stream, read_friendlists.

Here's how to remove those depreciated scopes in your HybridAuth config file:

<?php
return
    array(
        'base_url' => 'http://localhost/your/hybridauth/endpoint/index.php',

        'providers' => array (

            'Facebook' => array (
                'enabled' => true,
                'keys'    => array ( 'id' => 'YOUR-APP-ID', 'secret' => 'YOUR-APP-SECRET-TOKEN' ),
                'scope'   => 'email, user_about_me, user_birthday, user_hometown, user_website, read_stream',
                'trustForwarded' => false
            ),
        ),
    );

score 5 · Answer 2 · answered May 07 '15 at 06:54

All those scopes/permissions are deprecated since years - which is exactly what the error message tells you, they just don´t exist. You need to check out the Facebook docs to find out which permissions exactly you need. The API Reference is a good place to find out.

score 2 · Answer 3 · answered Oct 07 '15 at 02:05

current answer of @Arman H would not work, IF YOU DEFINE email in scope you will receive public profile and email adress

<?php
return
    array(
        'base_url' => 'http://localhost/your/hybridauth/endpoint/index.php',
        'providers' => array (
            'Facebook' => array (
                'enabled' => true,
                'keys'    => array ( 'id' => 'YOUR-APP-ID', 'secret' => 'YOUR-APP-SECRET-TOKEN' ),
                'scope'   => 'email',
                'trustForwarded' => false
            ),
        ),
    );

I believe you receive the public profile no matter what you request. Were you trying to NOT get the public profile? — Arman H, Oct 21 '15 at 00:32

score 1 · Answer 4 · edited Feb 16 '18 at 05:08

1

simply goto app advance settings and upgrade your app version, it should be at least 2.7

edited Feb 16 '18 at 05:08

Ilya Yaremchuk

2,007
2
19
36

answered Feb 15 '18 at 19:28

M Ismail

43
1
9

mine is at version 2.11 but still I am getting that error – aidonsnous May 08 '18 at 21:42
2

Its mean you have issue in your callback url, encode your url properly. @aidonsnous – M Ismail May 15 '18 at 13:02

HybridAuth Facebook login error: "Invalid Scopes: offline_access, publish_stream, read_friendlists"

4 Answers4