Meteor: Facebook permissions not requested again if user uncheck a permission

This is the way the Facebook oAuth API behaves and this is already supported. If you check the Facebook documentation you'll see two sections:

• Manually Building a Login Flow which indicates that you'll need to specify an auth_type of rerequest.
• Reauthentication, which I believe is a more extreme version of the previous option, involving an auth_type of reauthenticate

You can pass these options as the first parameter to: Meteor.loginWithFacebook and it should just work.

I'm going to close this because it should work, but please @mention me for a reopen if you find that it does not work. But please provide a reproduction which has auth_type: "rerequest" set.

Also, I'll update the documentation. :smile:

Whoops. Re-opening because I just realized that the Meteor Facebook code is passing authType instead of auth_type!

So, it won't work right now. I'll submit a PR to fix that.

I think that doing loginWithFacebook call once when the user declined to share some information is enough.

Meteor.loginWithFacebook({
    auth_type: 'rerequest',
    requestPermissions: ['public_profile', 'email'],
}, (err) => {
    if (err) { throw new Meteor.Error(`Facebook login failed, error message: ${err.message}`); }
});

I read this Facebook docs page https://developers.facebook.com/docs/facebook-login/handling-declined-permissions#reprompt

I think that auth_type: 'rerequest' works first but after the first loginWithFacebook call Meteor app needs to check that some permissions were not granted by calling this API:

GET https://graph.facebook.com/me/permissions?access_token=USER_ACCESS_TOKEN

and then call loginWithFacebook again with auth_type: 'rerequest',