1

Two weeks ago we received a message on developers.facebook.com saying that our app appears to be creating a negative experience on Facebook and that it violates the privacy policy of Facebook. We received an email with the same info, plus 4 paragraphs which said that we need to check the Facebook documentation, that we should try to search for the issue on Stack Overflow, etc.

I checked the GDPR fields (I am in the EU) and compared my used and already approved permissions with my code. BTW, my approved items: email and default. I need this permission because I have a login system on my website, so we need the name, email and avatar of the user, and we need this data to be saved in our database. I had an alert previously about OAuth redirect URIs or enabling Strict Mode validation. I filled the OAuth field with a valid URL and I enabled "Strict Mode for Redirect URIs". After that, I submitted an app review.

And now Facebook has restricted our app and we don't have any clue where to look for the error.

To login I requested data: public_profile, email.

auth_type: rerequest
response_type: code granted_scopes
redirect uri: mywebpage.tld/get_facebook_profile

In Facebook login settings page:

Client OAuth Login: yes
Web OAuth Login: yes
Force Web OAuth Reauthentication: no
Use Strict Mode for Redirect URIs: yes (and now it's unchangeable)
Enforce HTTPS: yes (unchangeable too)
Embedded Browser OAuth Login: no
Valid OAuth Redirect URIs: filled with a valid url, and yes, I use https
Login from Devices: no

If I copy the Valid OAuth Redirect URIs value into the Redirect URI Validator field and click "Check URI", I get a message saying that my URI is valid.

I'm thinking: the "Deauthorize Callback URL" and "Data Deletion Request URL" fields are empty, and I think they are not required. Is Facebook maybe restricting us because of this? Or do we need higher user permissions, because we store user data?

Anyway, and seriously, where do we get the information about why Facebook restricted our app, if Facebook refuses to help and doesn't give any technical information?

Benjamin S
  • Do you have a proper privacy URL, and made sure it is readable by Facebook’s scraper (via FB debug tool)? Are you only reading the few mentioned data fields, or do you also publish/share stuff on Facebook via this app id using *any* methods? _“appears to be creating a negative experience”_ often times means people reported stuff published via your app as spam. – 04FS Mar 28 '19 at 10:25
  • Our privacy policy (which was created by our own lawyers) is available to Facebook's scraper and linked in this app, and I am only reading these fields; I never used publishing methods with this id. I don't know how big the chance is that users are reporting my app as spam, because by now my other page's FB app has already been warned too. :( – Benjamin S Mar 28 '19 at 11:47
  • It was solved. The "Deauthorize Callback URL" and the "Data Deletion Request URL" are required in the EU, because we have GDPR, of course. – Benjamin S Apr 26 '19 at 13:16

1 Answer

0

It was solved. The "Deauthorize Callback URL" and the "Data Deletion Request URL" are required in the EU, because we have GDPR, of course.

Benjamin S
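Added example, not part of the original answer or the poster's code: Facebook calls the two URLs named in the answer with a POSTed `signed_request` parameter, and the endpoint should verify its HMAC-SHA256 signature with the app secret before deleting anything. The `/deletion` status path, the `delete_user` callback, the sample secret and the sample user id are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

def b64url_decode(part):
    # The signed_request parts are base64url without padding; restore it.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def parse_signed_request(signed_request, app_secret):
    """Return the payload only if its HMAC-SHA256 signature verifies."""
    try:
        encoded_sig, encoded_payload = signed_request.split(".", 1)
        sig = b64url_decode(encoded_sig)
        payload = json.loads(b64url_decode(encoded_payload))
    except (ValueError, AttributeError) as exc:  # missing, bad base64, bad JSON
        raise ValueError("malformed signed_request") from exc
    if not isinstance(payload, dict) or payload.get("algorithm") != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    # The MAC covers the encoded payload string, keyed with the app secret.
    expected = hmac.new(app_secret.encode(), encoded_payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        raise ValueError("bad signature")
    return payload

def handle_data_deletion(signed_request, app_secret, delete_user, status_url):
    """Verify the callback, start deletion, return the JSON body to send back."""
    payload = parse_signed_request(signed_request, app_secret)
    user_id = payload.get("user_id")
    if not user_id:
        raise ValueError("no user_id in payload")
    code = secrets.token_hex(8)      # unguessable tracking code
    delete_user(user_id, code)       # hypothetical: erase this user's stored data
    return {"url": f"{status_url}?id={code}", "confirmation_code": code}

def make_signed_request(payload, app_secret):
    """Build a constructed signed_request for testing (not real Facebook data)."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=")
    mac = hmac.new(app_secret.encode(), body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(mac).rstrip(b"=") + b"." + body).decode()

if __name__ == "__main__":
    secret = "constructed-app-secret"  # placeholder, not a real secret
    sr = make_signed_request({"algorithm": "HMAC-SHA256", "user_id": "1234567890"}, secret)
    print(handle_data_deletion(sr, secret, lambda uid, code: None,
                               "https://mywebpage.tld/deletion"))
```

The same `parse_signed_request` check applies to the Deauthorize Callback URL, which also receives a `signed_request`; a request that fails verification should be rejected without touching stored user data.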