I checked and i did use https.
Whatever error message you are getting, search the internet for it as I’m sure you’re not the first.
Did Facebook give you any more detail? We haven’t run into this so any information will have to be provided to/by you.
Hmm, if they’re looking for deletion information, try setting it to
/tos instead and see if that makes them happy.
There is some stuff about it here: Overview - Facebook Login - Documentation - Facebook for Developers and Data Deletion Callback - App Development - Documentation - Facebook for Developers
I don’t know if that’s exactly the right place to look.
That sounds like the best way round it. If Discourse were to delete all the Facebook data automatically (I can’t remember - it’s just name, email and profile picture I think) then it would effectively mean anonymising the Discourse user, which mightn’t be what the user wanted when removing the login app from Facebook.
I don’t remember any of this from when I set up Facebook login - I just blindly followed the instructions from this forum and it seemed to work ok.
Edit: Thinking again, I don’t think there is any review process for what Discourse needs. Maybe you ticked something wrong at an earlier stage (asking for too much information)? Or maybe there’s just an new empty box for the deletion information that needs an URL that wasn’t mentioned in the instructions.
I’ve just checked at https://developers.facebook.com/ and there is now an extra input box which isn’t shown in the instructions at step 5 of Configuring Facebook login for Discourse.
A tooltip states: “The General Data Protection Regulation (GDPR) requires developers to provide a way for people to request that their data be deleted. To be compliant with these requirements, you must provide either a data deletion request callback or instructions to inform people how to delete their data from your app or website. Learn More”
Seems those are missing but not sure how to fix this.
These could be added in meta tags using a theme component, I think. There’s something about og:type at The Open Graph protocol
Leaving it blank for now seems like a reasonable approach to me.
I just configured Facebook logins for my test site. I added a Data Deletion section to my Discourse site’s Privacy page. In that section I explained both how to remove permissions for the Facebook App from the Associated Accounts section of the user’s preferences page and how to request account deletion or anonymization by contacting the site’s Staff group. I then added a link to that section of the Privacy page to the Facebook User Data Deletion field.
I am not certain that this meets Facebook’s criteria, but I was able to set the app to Live. Facebook login is now working on the site. I’ll keep an eye on it to see if Facebook requests any changes to the app’s configuration.
Can you share your Data Deletion section that you added to your Privacy page?, seems this is the way.
I wasn’t sure exactly what they were looking for, so I added two sections to my site’s Privacy page:
Accounts on this site can be anonymized or deleted at the users request. Contact our
@supportgroup for details.
Any apps authorized for logging users onto the site can be removed by going to the Associated Accounts section of a user’s preferences page.
I configured the headings for these sections as anchor links and then included the anchor for the first section in the URL that I added to the Data Deletion Instructions URL on Facebook (
It’s not clear to me if Facebook is wanting details about how to remove their app to be displayed, but I don’t think it could hurt to give that information.
At this point, this is my best guess about how to meet Facebook’s criteria. I’ll try to confirm that and update the topic at Configuring Facebook login for Discourse soon with details.
I added the same two sections with anchors links as you suggested and an important step on User Data Deletion i added my site’s Privacy page as Data Deletion Callback URL, afterwards Facebook asked me a Category for my site and selected as requested. Doing these three steps i could finally switch it to live mode and after on Products i configured a Facebook Login.
I don’t think Discourse has a URL that can be used for this. I guess on Facebook the user will be presented with a “click here delete your data on mognet’s forum” link which won’t do anything.
Neither was I, but I am now. They are sharing personal data with the forum, and want to ensure that there is a way for that data to be deleted by the forum when the user removes the login app from Facebook. As far I am aware, the information is real name (or, at least, the Facebook profile name), email address and avatar. (I guess this might have been implemented after scandals about Facebook allowing mining of personal information via third-party apps, e.g. Facebook–Cambridge Analytica data scandal - Wikipedia, but the reason isn’t relevant.)
If you look at the first screenshot on Data Deletion Callback - App Development - Documentation - Facebook for Developers it seems fairly clear: “Request … delete info it has about you from Facebook” (i.e. information obtained from Facebook). The callback function documentation (which is not directly relevant here but is instructive) says: “The Data Deletion Request callback that you implement must do the following: Initiate the deletion of any data your app has from Facebook about the user. …”
So the wording above – “Accounts on this site can be anonymized or deleted at the users request. Contact our
@support group for details.” – covers what is required. Mentioning only anonymisation would probably be sufficient for Facebook’s purposes, as that would delete the information which was obtained from Facebook. Sites in the EU would have to consider their own GDPR obligations in relation to deletion.
I liked your comment but it might not be simple to implement. Not everyone will want a separate “Deletion policy” page. And once a Discourse forum has been installed, I don’t imagine anyone anyone wants the terms/privacy/etc pages changed by an update. If it’s changed just for new installs then there would need to be a comment to say “don’t delete this section as it’s needed for Facebook login”. The Facebook login instructions post would still need to refer to the required wording somehow.
It could go on any page.
The following will make the
#deletion part of the URL work, and add a heading.
<a name="deletion"></a> ## Deletion
You can have any contact details you choose.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.