I'll be using this in the morning to easily log into all my gmail accounts from work. When I leave work I have a logoff script that clears all my cookies. This logs me into all gmail accounts that I am logged into on my phone without having to log in several times.
Facebook API had so many breaking changes happening all the time that they decided, as a "benefit" to developers, that they would stack them all up to occur on the first of each month. This is in the name of BS called "operation developer love". And this is only for the breaking changes that get announced. The much more common scenario that ComputerGuru mentions is where stuff gets broken, acknowledged as a bug Facebook, and then never fixed. If you read the stats they publish in their blog posts, 2-3x the number of bugs get accepted than the number that get fixed, EVERY SINGLE week.
I read this and I think, why would I even want to write code for an API that I'd have to maintain far more actively than the rest of my project?
They've even faffed with the basic generated widgets enough for you to have to keep an eye on what works, so you can prepare to fill the same form in yet again to get the same thing working again.
Stability should be the priority if you don't want to piss third party devs off.
Ugh. I did a favour for someone by added some very basic FB integration to his site. I've had to go back 2 or 3 times to fix it and he now thinks I'm pretty incompetent as a result.
My favorites were bugs filed where numerous people would post about it, fb would never respond, then after a few months they would just "close" it due to inactivity!
I've seen a study that shows this isn't true, especially when prompting for offline_acces. Wish I could find the link. Also, Facebook's app analytics shows you the break down of how often permissions are rejected and from what I've seen with high usage, the permissions prompted did matter. I would disagree that you should just ask for ones you might not need, especially since you can always prompt the user later for more if needed.
I'm looking at the Facebook Insights for the app right now. The bucket where we asked for the most permissions (excluding email) performed significantly better than the other options. I don't know why that is the case, but it is.
As for asking for permissions later, since it doesn't seem to matter we ask for all the ones we need up front. We've found that gradually asking for permissions as needed annoys the user and breaks up the app flow.
Facebook API does have a method where you can revoke the permission automatically (ie when you no longer need it). And also if you don't request offline_access permission, the token is only valid for an hour or two. But yes, Facebook doesn't make this very clear to the user.
