Permissions are added with the login code using the scope parameter. Details here
After adding permission, the administrator / developers / testers of the application can test your application and post messages; while the application is in development mode.
When your application is ready to send your application to view the login . After they approve your application with this permission, you can make your application publicly available, and anyone can post a message using your application. What is it.