They definitely did. That's a core part of the current controversy, I shouldn't have to dig up the evidence to prove this to you. The docs are on archive.org somewhere, but this TechCrunch article was more easily found, and covers the details:
Did it include information about a user's friends that the user themself didn't have access to? I think one can see one's friend's photos, checkins, and posts, so it makes sense that you would be able to forward that information (not that you should...). I think the grandparent was claiming that you weren't able to share any information about friends that you didn't already have access to.
https://techcrunch.com/2015/04/28/facebook-api-shut-down/
You used to be able to provide access to your friends photos, checkins, posts and more besides.