Introduction
This article covers the permissions requested, and needed, when a manager connects a feed from inside the manager app. As background, the platform has the capability to import content automatically from 3rd party sources such as Facebook, LinkedIn, and Twitter. This lets a manager easily populate a community with content if it already exists elsewhere.
On a technical level, after a manager sets up the connection, the platform will periodically poll the feed and import content. There are different ways that the DySi platform can connect to a third party provider, for example by the RSS standard, or by the OAuth standard. This article addresses only the OAuth standard.
In order for the DySi platform to import content from an OAuth content provider (such as Facebook), the platform must make API calls with a valid authorization token included. This token is like a password that DySi uses to get access to the account, because Facebook and other OAuth providers would prefer that only authorized parties have access to their member's content.
In order for the DySi platform to obtain the authorization (and be able to prove it using an authorization token), the platform uses an OAuth flow, which is a way for a manager, who has permissions to the content on the third party platform, to tell that third party that they are OK with giving DySi access to the content. As part of the process of telling the third party platform that they are allowing DySi to have access, that manager tells the third party that DySi has certain capabilities with the content.
DySi's policy is to request the minimal possible permissions in order to be able to import content. However, every OAuth provider has their own scheme of granting permissions, and may grant permissions in as part of a set, so that even though DySi only needs certain permissions, more permissions than absolutely required are granted by the platform.
Below are the OAuth screens from various different providers. Even though the permissions granted cover a lot of things, the DySi platform only uses these connections to import content.