When you create a Facebook application, users can authenticate and JFBConnect can fetch their email address, first name, last name and a few other basic details about the user. To get additional information about the user's profile or do more advanced features, you'll need to go through the Facebook App Review process to show why you want those permissions for your site.
Scope is the word Facebook uses for each permission you can request from a user. By default, each application has the permission to read the following fields from a user after they authenticate on your site:
Facebook is constantly changing. You can see the current list of available default fields in Facebook's Permissions Reference documentation.
While configuring JFBConnect, some settings you choose may require additional scope to work. Profile fields like Current Location or Hometown Location, importing a user's last status update into another Joomla profile extension, or setting up any of the Channels feature all require additional scope to function.
JFBConnect offers a simple way to check which additional scope you have configured by going to the App Review section in the admin area. In the App Review area a list of the different configuration areas of JFBConnect are displayed along with the permissions configured by those sections:
It is recommended to request only the scope you require for your website. Please review each of the permissions in the JFBConnect -> App Review list to verify you really need them. Requesting unnecessary or unused permissions can prevent users from wanting to register on your site with Facebook and may cause Facebook to deny those permissions to be requested at all.
Once you have a list of scope that your app requires, you'll need to go through the Facebook App Review process. The App Review allows you to explain to Facebook what scope you want to request from your users, why you want to request them, and how your site will use the data that each scope provides.
We suggest going through a separate App Review process for each section of JFBConnect's App Review area: Profile, Channels and Custom. This allows you to group related scopes together for review, making the review process more straightforward.
We work hard to make sure JFBConnect only uses permissions as Facebook requires. However, you'll need to explain and demonstrate how you use those permissions on your site. When you add a scope to your submission, a list of suitable use cases is provided. Make sure you are using the permission according to those requirements before submitting.
For example, when requesting the "user_link" permission, an acceptable use case is
"To provide a way for someone who uses your app to visit the Facebook profile of another person who uses your app, for example, for dating or local listings."
Assuming you're using JFBConnect to import the user's Facebook profile link into JomSocial, Community Builder, EasySocial or another profile extension, a suitable description would be:
"The user_link scope is requested to provide a link in the user's on-site profile so other users can view their Facebook profile."
There is a section in the App Review submission for screencasts to help explain your request. Submitting this isn't always required, but will help the reviewer understand your site and interaction points for your users much more clearly.
What may seem obvious to you, like where to login or where to find their profile page that shows how imported data is displayed may not be immediately obvious to them. A screencast that shows you logging in using Facebook and where to go on the site to view imported data (for profile fields) or how to post to a channel (using the social toolbar's Create Post) button will greatly help streamline your approval process.
Your screencast does not need to be professionally done! You can use a cellphone aimed at your monitor while you navigate the site. The reviewer is not looking for perfection, just an understanding of how the scope is used.