Any facebook app can "require" permissions simply by refusing to operate unless you grant it the permissions it wants.
Many developers request permissions they think they'll use in the future, so this trick is useful because it puts it back on the app to error out when the user is missing a permission it actually needs.
I disagree, an app should always check permissions on startup and request any that it needs, in case the user has removed those permissions on their own.
Why request the kitchen sink on startup? For example, if I have an app that posts on my wall when I perform certain actions inside the app, why not check and ask for that permission at that point? As a user the cause-effect will be clear since I've just performed an action that requires post.
The only benefit I see of the all-at-startup solution is that it provides one single "interruption" to the user. But the list of things an app might do can be large, even though it only may need to do some of them rarely. So if I see a big long scary list I'm more likely to just cancel out.
oauth2 permissions are not agile at all. there is no 'one time token' for some action or 'allow it for 1 day only'. If you allowed 'wall' - it's forever.
Yes, but at the first point where the user performed an action relevant to their desires, you have requested the associated permission. The connection is clear in their mind and the app's request for that permission makes sense.
yes, if user removed it by himself. agreed. but it is a rare scenario. usually user just removes authorization. only 'geeks' remove specific scopes.. i am usre
Many developers request permissions they think they'll use in the future, so this trick is useful because it puts it back on the app to error out when the user is missing a permission it actually needs.