|
|
|
|
|
|
by jeromebaek
2745 days ago
|
|
|
There are a number of different authentication schemas with varying levels of privilege. The best practice is always to give the smallest subset of privilege necessary to accomplish whatever task is needed. But it looks like Facebook basically gave On Behalf of User privilege -- the highest level -- to basically everyone who needed any sort of API access from Facebook. |
|
|