Submitting Facebook TeamRaiser app for review

Reid Dossinger

Has anyone had luck with successfully submitting their Facebook app that connects to TeamRaiser for review? I've sent ours to review, but most of the permissions that I've requested have been rejected.


Background:


We implemented the Facebook and TeamRaiser integration this past April. We have two Facebook apps that were set up entirely by Blackbaud to allow people to connect their TeamRaiser fundraiser to a Facebook fundraiser. It works great, but I have no idea how it works, since Blackbaud just asked for admin access to our Facebook apps, set it up, and now won't support us or give us any information on how the app works.


I was told that we needed user_gender, user_age_range, and user_link. We were told we did not need user_friends.


When I submitted the app, I went did a screencast of the login process: going to the TeamRaiser page that prompts users to connect to Facebook, then going through that process, showing where it displayed the gender and age range. Based on that, gender and age range were not approved, and more information was asked for user_link, but I don't know what user_link to give.


For those of you who have done this and succeeded, how did you give a screencast and details to get the app accepted?


Also: how would I even know what is being used by the app? I don't have any documentation on how the app works, no knowledge of where the underlying code (is there underlying code?) exists, and our customer representative and the original developer have both refused to help. Any help the community could offer would be greatly appreciated.


(Note: this is NOT the Jainrain app. This is the app that allows people to take donations via Facebook for their TeamRaiser registration.)


 

Noah Cooper

Reid Dossinger:

Has anyone had luck with successfully submitting their Facebook app that connects to TeamRaiser for review? I've sent ours to review, but most of the permissions that I've requested have been rejected.


Background:


We implemented the Facebook and TeamRaiser integration this past April. We have two Facebook apps that were set up entirely by Blackbaud to allow people to connect their TeamRaiser fundraiser to a Facebook fundraiser. It works great, but I have no idea how it works, since Blackbaud just asked for admin access to our Facebook apps, set it up, and now won't support us or give us any information on how the app works.


I was told that we needed user_gender, user_age_range, and user_link. We were told we did not need user_friends.


When I submitted the app, I went did a screencast of the login process: going to the TeamRaiser page that prompts users to connect to Facebook, then going through that process, showing where it displayed the gender and age range. Based on that, gender and age range were not approved, and more information was asked for user_link, but I don't know what user_link to give.


For those of you who have done this and succeeded, how did you give a screencast and details to get the app accepted?


Also: how would I even know what is being used by the app? I don't have any documentation on how the app works, no knowledge of where the underlying code (is there underlying code?) exists, and our customer representative and the original developer have both refused to help. Any help the community could offer would be greatly appreciated.


(Note: this is NOT the Jainrain app. This is the app that allows people to take donations via Facebook for their TeamRaiser registration.)


 

Reid,


Sorry if this process has been frustrating for you! We're trying to refer everyone to the Community for assistance with this, not meaning for that to come off as refusing to help.


I just want to clarify -- this is in fact the Janrain app. The same app is used for Janrain and Facebook Fundraisers, but these permissions are related to logging in with Janrain, not creating a fundraiser. Your app wouldn't have been created by Blackbaud, it already existed. It is certainly possible your organization had an outside vendor setup the app for you. We generally recommend against this for the very situation we're in right now; having an outside vendor setup the app makes it more difficult to manage when changes inevitably happen on the Facebook platform.


I'm not sure why Facebook would've denied you those permissions, given that if you login using Facebook from https://secure3.convio.net/lupus/site/UserLogin, you'll see that we do pull in the Gender and Date of Birth. Just to confirm, that is the process you submitted to Facebook, correct?

Reid Dossinger

As mentioned in the original message, what I submitted to Facebook was the login from the TeamRaiser app. In our case, you register for a walk in TeamRaiser, and then on the last page, you go to connect that TeamRaiser page to Facebook. This is the screenshot that I submitted: https://www.dropbox.com/s/77wtj1flsjp8xb1/Facebook%20App%20Submission.mp4?dl=0


While the app may indeed be working with Jainrain code, it's Facebook that's asking for the resubmission of the Facebook app. Our Jainrain app has been updated according to the instructions. But Facebook is still rejecting it. Our primary app got two disapproved and one request for more information. Our secondary app got all disapproved.



 

Noah Cooper

Reid Dossinger:

As mentioned in the original message, what I submitted to Facebook was the login from the TeamRaiser app. In our case, you register for a walk in TeamRaiser, and then on the last page, you go to connect that TeamRaiser page to Facebook. This is the screenshot that I submitted: https://www.dropbox.com/s/77wtj1flsjp8xb1/Facebook%20App%20Submission.mp4?dl=0


While the app may indeed be working with Jainrain code, it's Facebook that's asking for the resubmission of the Facebook app. Our Jainrain app has been updated according to the instructions. But Facebook is still rejecting it. Our primary app got two disapproved and one request for more information. Our secondary app got all disapproved.



 

This is not related to Facebook Fundraisers. Where the permissions are used is in the login workflow. The simplest way to see this is to go to https://secure3.convio.net/lupus/site/UserLogin and login with Facebook. There you will see name, street address, gender, and date of birth are collected from the user, and pre-populated from the user's Facebook account (assuming the permissions are approved). That's what you'll need to submit a screencast of.


This is related to Janrain, since Janrain is what is used in Luminate Online to login with Facebook, but it is not something you manage in the Janrain app. 

Reid Dossinger

I'll try that, but the screencast of the login doesn't give any more information than the screencast of the TeamRaiser. It shows nothing more than "Reid Dossinger, profile picture, 21+ years old, male, and other public info" and then shows my email address. It's only the email address that's the same.


It's not the "login with Facebook" part that we're worried about. It's making sure that people can connect the TeamRaiser fundraiser to a Facebook fundraiser. So my questions:


- Do we really need user_gender, user_age_range, and user_link for TeamRaiser fundraisers to be connected to Facebook fundraisers?

- What did Blackbaud do to connect this app to Facebook fundraisers? 


If we can simply let those three permissions go and only lose demographic data, that's fine. But if we'll lose the ability to have people connect TeamRaiser fundraisers to Facebook fundraisers, that's what we're concerned about. From the documentation on connecting Facebook and TeamRaiser, it doesn't seem to require any of those fields, just an app ID.


 

Noah Cooper

Reid Dossinger:

I'll try that, but the screencast of the login doesn't give any more information than the screencast of the TeamRaiser. It shows nothing more than "Reid Dossinger, profile picture, 21+ years old, male, and other public info" and then shows my email address. It's only the email address that's the same.


It's not the "login with Facebook" part that we're worried about. It's making sure that people can connect the TeamRaiser fundraiser to a Facebook fundraiser. So my questions:


- Do we really need user_gender, user_age_range, and user_link for TeamRaiser fundraisers to be connected to Facebook fundraisers?

- What did Blackbaud do to connect this app to Facebook fundraisers? 


If we can simply let those three permissions go and only lose demographic data, that's fine. But if we'll lose the ability to have people connect TeamRaiser fundraisers to Facebook fundraisers, that's what we're concerned about. From the documentation on connecting Facebook and TeamRaiser, it doesn't seem to require any of those fields, just an app ID.


 

This is not related to Facebook Fundraisers. The only permission needed to create fundraisers is a completely separate permission called manage_fundraisers that Blackbaud requests on your behalf when the integration is enabled.


These permissions are used by Janrain and Janrain only, for the purposes of logging in and creating a constituent record. You'll see after you approve the Facebook permissions from the login page that you are taken to a page that requests name, street address, gender, and date of birth. If the permissions are approved in Facebook, these fields are pre-filled. That is the page that Facebook is expecting you to submit in your review.


If you don't get approval for these permissions, what it will mean is that the fields will not be pre-populated when someone logs in with Facebook. 

Jeremy Reynolds

Facebook shot me down on those permissions too, despite our submission stating that the details are legally required on our end for participant waiver purposes. They're just being extra-safe after the Cambridge Analytica stuff.


Facebooks denial did seem to break our social login on August 1. Workaround was to go into Janrain Dashboard and disable the permission by clicking on the wrench icon that shows when hovering over the provider. Look for the starred items on the settings page and uncheck gender and birthday.



 

Reid Dossinger

Noah Cooper:

This is not related to Facebook Fundraisers. The only permission needed to create fundraisers is a completely separate permission called manage_fundraisers that Blackbaud requests on your behalf when the integration is enabled.


These permissions are used by Janrain and Janrain only, for the purposes of logging in and creating a constituent record. You'll see after you approve the Facebook permissions from the login page that you are taken to a page that requests name, street address, gender, and date of birth. If the permissions are approved in Facebook, these fields are pre-filled. That is the page that Facebook is expecting you to submit in your review.


If you don't get approval for these permissions, what it will mean is that the fields will not be pre-populated when someone logs in with Facebook. 

 

Okay. Blackbaud had asked for admin permission for our apps in order to set up the connection between Facebook fundraisers and TeamRaiser. 


From this conversation, what I'm now hearing is that the integration between Facebook and TeamRaiser doesn't have anything to do with this app resubmission, and that the approval of gender, age range, and user_link are not required for that integration to work. If that's not the case, let me know.

Noah Cooper

Reid Dossinger:

Noah Cooper:

This is not related to Facebook Fundraisers. The only permission needed to create fundraisers is a completely separate permission called manage_fundraisers that Blackbaud requests on your behalf when the integration is enabled.


These permissions are used by Janrain and Janrain only, for the purposes of logging in and creating a constituent record. You'll see after you approve the Facebook permissions from the login page that you are taken to a page that requests name, street address, gender, and date of birth. If the permissions are approved in Facebook, these fields are pre-filled. That is the page that Facebook is expecting you to submit in your review.


If you don't get approval for these permissions, what it will mean is that the fields will not be pre-populated when someone logs in with Facebook. 

 

Okay. Blackbaud had asked for admin permission for our apps in order to set up the connection between Facebook fundraisers and TeamRaiser. 


From this conversation, what I'm now hearing is that the integration between Facebook and TeamRaiser doesn't have anything to do with this app resubmission, and that the approval of gender, age range, and user_link are not required for that integration to work. If that's not the case, let me know.

 

That's correct. For Facebook Fundraisers, we're leveraging the existing app for Janrain whenever there is one, so that we don't end up asking users to grant basic login permissions twice. That's the only thing Facebook Fundraisers rely on though -- the rest of the permissions are used only for logging in and creating constituent records. Even if your app loses those other permissions (which it already has), Facebook Fundraisers will continue to function. Still worth correcting, though, as users obviously expect that if they login with a social site, their info will be pre-filled.

Noah Cooper

Jeremy Reynolds:

Facebook shot me down on those permissions too, despite our submission stating that the details are legally required on our end for participant waiver purposes. They're just being extra-safe after the Cambridge Analytica stuff.


Facebooks denial did seem to break our social login on August 1. Workaround was to go into Janrain Dashboard and disable the permission by clicking on the wrench icon that shows when hovering over the provider. Look for the starred items on the settings page and uncheck gender and birthday.



 

Sorry to hear this was denied for you too! I meet with Facebook a few times a week, I'll make sure to raise this with them the next time I talk to them to see if there's any way to get this cleared up for all customers, so you can continue to pull in gender and date of birth.

Reid Dossinger

Jeremy Reynolds:

Facebook shot me down on those permissions too, despite our submission stating that the details are legally required on our end for participant waiver purposes. They're just being extra-safe after the Cambridge Analytica stuff.


Facebooks denial did seem to break our social login on August 1. Workaround was to go into Janrain Dashboard and disable the permission by clicking on the wrench icon that shows when hovering over the provider. Look for the starred items on the settings page and uncheck gender and birthday.

Thanks very much, Jeremy. Neither gender nor birthday were checked in our Janrain app, so I guess we're good?


I understand them being extra careful, but I'm also really confused as to what they're looking for. They're unclear with the process, and too strict about not approving these very simple things.

Jeremy Reynolds

Noah Cooper:

Sorry to hear this was denied for you too! I meet with Facebook a few times a week, I'll make sure to raise this with them the next time I talk to them to see if there's any way to get this cleared up for all customers, so you can continue to pull in gender and date of birth.

Thanks, Noah!


If it helps for their reference, I put the follow up ticket in at https://business.facebook.com/direct-support/question/284643425642042/?business_id=10152935523512107 (haven't heard anything, but I figure it's because they've got a hojillion tickets after Aug. 1).


@Reid_Dossinger, I imagine so. It's not really the end of the world, it just means that people will have to enter the details themselves. We end up requiring it anyway during the TR signup, so this just would have saved them a step in the process. Would still be nice to have for the sake of segmentation on those who don't finish an event participation, but that's probably a pretty small number for most orgs.

Reid Dossinger

For those people checking in/following: I'm still trying to make sense of this, but it seems that none of the permissions that I had thought we had needed--user_gender, user_age_range, and user_link--are not actually needed. This is the response I got from Facebook when I submitted a request for detail on our permissions denial:

It is correct that you are showing how the user logs in, but for us to understand the intended functionality and approve the permission we need to understand how the requested permission will improve the user experience. You need to provide a screencast showing how the users will benefit with the permission in your app. At the moment you are just showing how the user logs in. Based on that only, we can not approve the permission.

The only thing that I know how to do is to show how a user would connect to the app, which shows the age range and gender. I wouldn't know how to show how people use user_link, nor how to show "how the permission will improve the user experience".


From this, my assumption is that these permissions are not actually needed to either log in with social or to connect donations from Facebook to TeamRaiser.


Can anyone confirm this? Do we actually need these in order for the app to work with TeamRaiser? And if we do, how do I go about screencasting how it would show how it would improve the user experience so that the permissions can be approved?

Jeremy Reynolds

Can anyone confirm this? Do we actually need these in order for the app to work with TeamRaiser? And if we do, how do I go about screencasting how it would show how it would improve the user experience so that the permissions can be approved?

I can confirm, they aren't needed. If you disable them in Janrain dashboard, it'll fix the plugin.


I was able to get them approved eventually (just yesterday, actually), but I had a handful of user-facing ways we use it to show Direct Support. Probably wouldn't have gotten across the goal line without them...user_gender was needed for our Run/Walk legal waiver. Facebook told me that pre-filling forms and segmenting children isn't acceptable use; what did work was that we were send birthday emails. I sent them a screenshot of the email we send, and they approved user_birthday. To my knowledge, user_link isn't needed for anything (I don't think LO captures it either), so I dropped it.


If you aren't doing an image/style swap based on gender, or don't need it for legal waiver, I'd drop the request. Same with birthday (there isn't a good way to do these in LO anyway, I'm only able to by generating the recipient list in RE and syncing it). It kinda stinks to lose either datapoint, but if it's not tangibly changing the web experience then you'll have a hard time getting it to pass.


I'm also guessing that things wouldn't have gone as smoothly if Noah hadn't put a word in directly. Thanks Noah!


P.S. In case it helps, here's the code I use to swap images...
<img src="https://support.zerocancer.org/custom/TeamZERO16/images/pc2-[[?xMalex::x[[S1:cons_gender]]x::::wo]]man.jpg]]" />

Reid Dossinger

Fantastic. Thanks very much, Jeremy. And it always helps to include bits of code! 


I'll remove the request for those permissions, then. 


Thanks again!

Kathryn Hall

Jeremy Reynolds:

If you aren't doing an image/style swap based on gender, or don't need it for legal waiver, I'd drop the request. Same with birthday (there isn't a good way to do these in LO anyway, I'm only able to by generating the recipient list in RE and syncing it). It kinda stinks to lose either datapoint, but if it's not tangibly changing the web experience then you'll have a hard time getting it to pass.

Hi, Jeremy - Did you see the birthday Lists filter? It came out last fall along with a few other very useful little filters:  https://community.blackbaud.com/blogs/4/4125  - as long as you have birthday data in LO, campaign is now a whole heckuva lot easier. 

Philip Nawrocki

This does exist, but there is a bug if you want to use Lists to send an e-mail on the constituents actual birthday.


Thanks,


Phil