Facebook Graph API vs. user's privacy settings

Using Facebook's Graph API, I'm a little confused about the interaction between the requested application permissions and the user's privacy settings.

I'm developing a web app that allows people to login via Facebook Connect, and then attempts to retrieve their interests and 开发者_StackOverflow社区friends list. I've set the Facebook application permissions as broadly as possible for testing:

perms="email, user_birthday, status_update, publish_stream, user_hometown, user_location, user_interests, user_relationships, user_work_history"

And yet I'm finding that the only way I can retrieve anything beyond the basic profile information is if the user's privacy settings are set to "Everyone".

Am I missing something? If the user allows the required permissions during application login, shouldn't that that precedence?

Maybe I'm not using the access_token correctly?

It should, and you are clearly doing something wrong. What are you coding on?