Facebook have made further changes to the API connection method. In the wake of their data scandal they have been aggressively scrambling to increase the security of their developer platform and the sites that connect to it. Well that is obviously a good thing it does make it extremely frustrating for legitimate users as it is yet more hoops to jump through. Anyway, the issue.
Connecting your site to Facebook via the API
When connecting your site to Facebook via the API you might now come across a warning like the one below:
“Invalid Scopes: pages_manage_instant_articles, read_insights. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/facebook-login/permissions”
This occurs because, well the Facebook App is technically in Live mode, it hasn’t been through the Facebook Review process yet. This never used to be a problem but Facebook are not much stricter on what unreviewed apps can do.
How to fix it
Luckily the fix is quite simple. Put your App in Development Mode.
At the top right of the screen on your Facebook App page, toggle the Live toggle to the off position. Instant Articles work quite happily in Development mode as long as the User you use to connect your site to Facebook has a specific role on the Facebook App (Administrator, Developer etc). Because we’re only using one Admin User to connect to the App with and it’s not open to the general public it really doesn’t need to be Live or go through the App review process.
Hopefully this is the last major security change Facebook to their Developer program, though I doubt it.