How to revoke all Facebook permissions using Android SDK?

Question

I'm having a problem revoking Facebook permissions using the Android SDK.

There's a case in my app where I want to revoke all permissions. According to the Facebook documentation, you can use AsyncFacebookRunner to do this, and "if you don't specify a permission then this will de-authorize the application completely."

I'm currently doing it like this:

String method = "DELETE";
Bundle params = new Bundle();
params.putString("permission", "");

mAsyncRunner.request("/me/permissions", params, method, new RequestListener()
                     { ... }, null);

using the request signature like this:

void request(String graphPath, Bundle parameters, final String httpMethod,
             RequestListener listener, final Object state)

The onComplete() callback function seems to come back OK, but doesn't appear to have de-authorized the access token. I'm inferring this because the next time I call facebook.authorize(), it works without pushing the user to the Facebook login page.

Any ideas what I need to change to completely de-authorize an access token? Or is there a different/better way to do this? Many thanks!

Answer 1

For anybody looking to do this in later versions of the SDK/Graph API - It appears the correct way to do this now is as shown here https://developers.facebook.com/docs/graph-api/reference/user/permissions/

new Request(
   session,
    "/me/permissions/{permission-to-revoke}",
    null,
    HttpMethod.DELETE,
    new Request.Callback() {
        public void onCompleted(Response response) {
            /* handle the result */
        }
    }
).executeAsync();

Leaving the /{permission-to-revoke} off of the second parameter will revoke all the permissions

Answer 2

You can delete the entire application (not only permissions) from users Facebook account using latest SDK (mine is 4.1.1)

void deleteFacebookApplication(){
    new GraphRequest(AccessToken.getCurrentAccessToken(), "/me/permissions", null, HttpMethod.DELETE, new GraphRequest.Callback() {
        @Override
        public void onCompleted(GraphResponse response) {
            boolean isSuccess = false;
            try {
                isSuccess = response.getJSONObject().getBoolean("success");
            } catch (JSONException e) {
                e.printStackTrace();
            }
            if (isSuccess && response.getError()==null){
                // Application deleted from Facebook account
            }

        }
    }).executeAsync();
}

Answer 3

It appears from this post: Facebook deauthorize my app and others that it's not possible to deauthorize an application programmatically. Unfortunately, the call above returns successfully to onCreate() but does nothing to deauth/delete the app for the user.

Bottom line: It looks like the only way to deauth an app is for the user to do it directly in Facebook. If anyone knows differently, please say so - but otherwise, don't waste your time trying! Thanks.

Answer 4

I am using the code suggested in the question and it completely de-authorized my test application. Tested it several times and it worked every each one of them.

This is also the code suggested in the official facebook documentation here: https://developers.facebook.com/docs/mobile/android/build/ - Step 7