Another approach to managing Extended Permissions, that does not require requesting all of the Extended Permissions upfront, is to combine it with the FQL request from our Checking for existing Extended Permissions recipe—check for any missing permissions, request them, and then go on to attempt the API request.
In this recipe, we'll create an interface which we can use to authenticate with Facebook requiring no additional Extended Permissions. Our application will still authenticate with Facebook when it starts up, giving it basic access to the user's information, but it's not until we need to start making API requests that we need to check for those permissions.