I'm trying to integrate the Facebook login flow into a website (as per this page: https://developers.facebook.com/docs/facebook-login/web), and I'm having issues with trying to force the login modal to request access to the user's Facebook email address.
Specifically, I'm executing the following code from my JS:
FB.login((response) => {
if (response.status === 'connected' &&
response.authResponse) {
// Do something with the response here.
}
}, {
scope: 'email',
return_scopes: true
});
The response is coming back as connected when the user successfully logs in, and I am getting the user's user ID, access token, etc., but when they click on the button in my UI that calls FB.login, the modal that pops up for Facebook does not ask the user if they want to grant access to their email address. Why?
For the site I'm building, I need access to the user's Facebook email address. If they were to be asked and deny access, that's one thing, but the modal that pops up isn't even asking them for access to their email address, and I don't get their email address back in the response.
Furthermore, if I make a subsequent call to the following, the email permission comes back as declined:
FB.api(`/${response.authResponse.userID}/permissions`, (response) => {
console.log(response);
});
Does anyone know why I can't prompt the user for access to their email address? Thanks.
Edit: It might be worth mentioning that I'm testing this on localhost, and I wonder if that's having an effect. In the Facebook for Developers dashboard, I did set my localhost virtual host (e.g., site-name.test) as an allowed URL for redirects, and it does let me log in with Facebook and get the user ID, etc., but it just never prompts the user for access to their email address. Thanks.
Thanks again to misorude for the answer. Without that, I would have never figured this out. To sum everything up, the problem was that during testing, I had apparently already once declined the request to provide access to my email address, and after that, it no longer asked me for permission to access it.
As such, you have to pass an extra parameter to FB.login in order to force it to re-ask the user for access to their email address. Specifically, it's the authType parameter, and here's how you pass it:
FB.login((response) => {
if (response.status === 'connected' &&
response.authResponse) {
// Do something with the response here.
}
}, {
scope: 'email',
authType: 'rerequest'
});
That will give you access to the email address (assuming a user has one registered; again, thanks to misorude for noting that), but it doesn't actually return the email address. To get that, you then have to send an API request to /me with a fields parameter requesting the email address to get it. I figured out how to get that via the following SO answer: https://stackoverflow.com/a/31763373/1992973
Specifically, a full solution is something like the following:
FB.login((response) => {
if (response.status === 'connected' &&
response.authResponse) {
FB.api('/me?fields=email', (response) => {
// The email should be in the response, assuming the user has one registered with FB.
});
}
}, {
scope: 'email',
authType: 'rerequest'
});
Related
We have issues with our web app and Facebook.
I'm doing the Login with scope email
FB.login(function(response) {
// my code
}, {scope: 'email', auth_type: 'rerequest', return_scopes: true});
I got the popup asking permission for the email, and other fields
I accept it, but then after getting the access_token, I call
https://graph.facebook.com/v15.0/me?fields=id,first_name,last_name,name,email,picture.type(large)&access_token={MY_TOKEN}
The email field is not in the response
What I don't understand is that user is a test user created on Facebook app page. One in Two users I create have this issue. For some other users, I have the email with the same exact procedure
Do you know what could happen?
We are experiencing the same issue.
WizKid is right. Try using https://developers.facebook.com/tools/explorer/ and you'll see that when you get no email, this tool shows "The email field was not returned. This may be because the email was missing, invalid or hasn't been confirmed." message.
I'm trying the Facebook login API for the first time on a web app deployed locally.
I init the API with the snippet in their documentation and have a button on my HTML page
<button type="button" onclick="fbLogin()">
Where fbLogin() is
function fbLogin() {
FB.login(function(response) {
console.log(response);
// handle the response
if (response.status === 'connected') {
// Logged into your app and Facebook.
} else if (response.status === 'not_authorized') {
// The person is logged into Facebook, but not your app.
} else {
// The person is not logged into Facebook, so we're not sure if
// they are logged into this app or not.
}
}, {scope: 'public_profile,email,user_friends'}); // TODO: If the user doens't provide the email address prompt it for email. Also, don't ask for friend list when its a simple logout maybe? Specify why it's needed first. If it doesn't provide the friends access, re-prompt the request, explaining him it can have a more social experience if he accepts (can see when its friends win and congratulate with them, (we can also prom him to invite some friends))
}
When I try to log in the message
"You are using a display type of 'popup' in a large browser window or tab. For a better user experience, show this dialog with our JavaScript SDK without specifying an explicit display type. The SDK will choose the best display type for each environment. Alternatively, set height and width on your window.open() call to properly size this dialog if you have special requirements precluding you from using the SDK. This message is only visible to developers of your application."
shows up.
Screenshot
As you can see though, I am not specifying any specific display type; so I really don't know what to do with this message.
Other Google entries didn't have a solution for this problem.
What action do I need to take in order to remove it?
Perhaps I am going about this the wrong way but I have a website that allows facebook login.
If the user has already registered on my website
and is logged into facebook but not logged into my site
when visiting the login page i check for their facebook login status and get response.status === 'connected' via-
FB.Event.subscribe('auth.authResponseChange', function (response)
{
if (response.status === 'connected')
{
var s = JSON.stringify(response.authResponse);
LogMeIn(s, function(response)
{
HandleAjaxError(response, function(msg)
{
window.location = '/_/';
});
});
}
}
I then want to pass their authResponse object to the server and confirm that this userid works with this token before I log them in as this user
I have read to simply grab the json contents of -
https://graph.facebook.com/{userID}?access_token={accessToken}
and if it does not return an error then it is good! But when testing this method I noticed that the same access_token worked for two different user ids (meaning it did not return an error for the userid that was not logged in on my computer). Instead it returned the facebook user object with name , location etc.
This really surprised me, as I expected the access_token to work only with a single user id.
In an effort to prevent someone from simply changing the user id before continuing the script I need to authenticate via server side. What is a way to accomplish this?
Proof, go to these links to see profile information
My profile-
https://graph.facebook.com/1233822590?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Another userid with same access_token-
https://graph.facebook.com/100000116781159?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Nothing to be surprised. You can fetch the basic details of any user of the facebook using the access token of any user of the facebook.. So this isnt really good way to validate the token. Moreover, that confirmation of token part isnt required.
If you want the authorization through server side go through.this link
I've been doing user authentication with everyauth and Facebook and all works well. Now, I want to integrate an ability to post to Facebook. Since my app asks only for email scope when users first login, I'll need to get a larger FB scope, and am trying to follow the FB guidelines and only ask for this additional scope when I need it.
I added the following code to my everyauth configuration as per the docs:
everyauth
.facebook
.appId(conf.fb.appId)
.appSecret(conf.fb.appSecret)
//TODO add custom redirect for when authentication is not approved
.scope(function (req, res) {
console.log('Setting FB scope');
console.log('Session: ' + util.inspect(req.session));
var session = req.session;
switch (session.userPhase) {
case 'share-media':
return 'email,user_status';
default:
return 'email';
}
})
All is well when an unauthenticated user logs into the application. The problem is that when I want to "up the ante" on FB scope, which I do by setting req.session.userPhase to 'share-media', and then present a link to /auth/facebook to confirm they want to allow posting to FB. When this happens, I get an error that req.session is undefined from the above code (all of req is undefined).
I assume this is since a previously logged-in user is essentially re-authenticating, but isn't that how I would get more scope from Facebook? Am I going about this the wrong way?
Thanks!!!
I start using the new Auth Dialog and I set it to ask for the users email permission, the problem is that I get the user proxy email address (with facebook servers). How can I solve this? I need the user original email.
I'm using JS sdk and FQL to retrive user email, but recieveing proxy email:
FB.api(
{
method: 'fql.query',
query: 'SELECT name, email FROM user WHERE uid=me()'
},
function (response) {
alert('e ' + response[0].email);
}
);
You can't force the user to give you his/her original e-mail address. And I can't see the problem here, whatever e-mail you want to send to the user...Facebook will forward it for you!