I have used facebook api to fetch details of group members.
using api i can fetch user first name, last name but not able to fetch email address.
this is code
$member_profile = $facebook->api('/group_id/members?fields=id,first_name,last_name,email,gender,birthday');
You either did not authorize with the email permission or the email is not confirmed in the Facebook account - it´s also possible that the user did not login with his email, afaik you can login with a phone number too. In general, you can never be 100% sure to get an email from the user.
Debug your Access Token and make sure the email permission shows up: https://developers.facebook.com/tools/debug/
Related
I need to integrate Instagram API to fetch user's details like username and email and need to save these information for the user,
i read the below link:
https://developers.facebook.com/docs/instagram-basic-display-api
but this does not fetch the email id of the user,
i also read below link but it also does not provide email of the user:
https://developers.facebook.com/docs/instagram-api
If any body can reply, that will be helpful,
Thanks
That's a privacy issue to be able to fetch user's email and other information I think you would need to create an app that allows sign in or login then get any user that had signed in to your app, details for example if I sign in to your app you would need to get my email address you can do that using a simple database tool then convert that into an API by performing a post request once data has being sent to the database.
My question is almost the same as this one
only difference is that users has an option to register (provides his username and password).Users should only have one account registered, if the user has the same email I merged those accounts. and my application has another method for logging in which is via Facebook.
What I basically do is
When The User visits the for site for the first time, he or she then
gets created a User Account where the it only has Username ,password
and mail address after that third-party identity record is created
and then paired with the local account.however the Users table will
have an empty Username and password, but the email will be filled
with the users email that we have retrieved from the third party
service provider
And the Second Scenario
Users attempts Register to the site. check if email exist if the
email exist but it is registered using a third party account, Use
the user populated form and insert it to the user account paired
with the third party account, in short if the users email exist in the database I
will just merged the locally created account and the third party
account.
Now my question is my approach secure and credible? if not what is the best way to merge accounts and at the same time if the user registers with the same email(the one from the third party account) and he has a third party account, those account would be merge?
The way I look at this, there is only one account. One email, one account period. There might be various attributes associated with that account, like for e.g. linked to a set of OAuth credentials etc. But fundamentally there is only one account. If your user has registered once using a social account and then try to register again on your site, send them over to the social site which they used to register the first time and ask them to login there. Then log them into your site automatically. If the user has an account with your site and then tries to register again with a social account, tell them that you already have an account on the site and ask them to login. IMHO, keeping separate accounts and trying to merge them is a messy idea.
I would provide two sets of behavior, one when logged in and one when logged out.
When logged in, you provide the ability to link to new third-party accounts. For example, you sign up with email address and password, then log in, then you can link your Facebook account. To link your Facebook account you authorize with Facebook and then store the Facebook information in that user account record.
When logged out, you must log in with existing credentials. If, when logged out, you try to create an account with an existing email address, you either prevent the log in, saying "an account with that email address already exists", or you immediately challenge the user to log in to merge the account (in which case it works like the logged in case when linking an external account, only with the order of authentication operations reversed).
In case it's not clear from the above, I recommend having a single user account and a way to record linkages between that account and external accounts. You can do this in NoSQL buy just adding fields to the user document or you can do this relationally by having a table representing external accounts with a foreign key linking them to the user ID.
Beware not to use oAuth 2.0 !
The lead author himself resigned as it's not as safe as the 1.0 version.
You should prefer oAuth 1.0 or OpenID.
You can also have a look at Persona from Mozilla
I am working on a project related to both school and work where I would like to combine data from a college entrance application (which includes email address) and Facebook data, even a minimum amount of data, such as number of "friends" or any other public info they've put out there. Am I correct that you can't really programmatically search Facebook by email address? Feel free to make any suggestions.
Thanks
You can search Facebook by email address, you just can't reliably search Facebook by email address.
For instance, you can make this query with a user access token:
https://graph.facebook.com/search?type=user&q=USER#EMAIL.NET&access_token=TOKEN
I've tried this with a few people I know who are on Facebook, where I know their email address, but I am not friends with them. (Mostly my wife's friends).
In my testing, only about 20% of these queries return a Facebook user_id. I'm not sure if they don't have the email I know linked to their user account or if they have their privacy set to restrict their email address.
Once you have their user_id, you can access all their public information at
https://graph.facebook.com/USER_ID
You don't need an access token to get this information.
I have an android application which need the email address of the face book logged in candidate.
My application works as follows
the user can log in to my application using his face book account. After logged in he can select some items and clicks on OK button. When the user clicks the button ok we need to send an email to his "email address" telling that the details of the items he selected.
I am able to get the first_name and Last_name values but i also need the email address.
can any one tell me how to get the email.
You need to get Facebook extended permissions for that. Specifically you need the email extended permission.
Here's the link to the documentation where you can take a look at all Facebook's permissions you can use in its API.
When you authenticate, just make sure scope contains email like this:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
I've got a decent set of existing users on my website who login via their emailaddress as their username.
I'm setting up Facebook OAuth mechanism to allow new users to sign up more conveniently, but I'm not sure how to handle the scenario when a user who already has an email address registered with our system and now tries to login via Facebook.
Should I consider him the same user?
Should I treat him like a new user?
The situation is more complicated by the fact that I dont validate their email addresses (when they login directly into my system), so i cant assume they are the same user.
How do others resolve this conflict, or do other folks simply treat this user connecting via FB as a new entity?
On your login screen, users can have a choice: you may put
new user: signup using facebook
since this is a totally new user account, then you just need to do your facebook connect + request for email permission, etc.
existing user: login by email
Once they do this, let them login using the old-fashioned way. Then once signed in, prompt them to connect this email address to their facebook account. So the flow is login via email then optional facebook connect.
To do this, I assume you've added a field on your database table for user_accounts, that is facebook_user_id or fb_id or user_id, etc. Then on facebook connect, get the logged-in-email, UPDATE table SET fb_id = xxx WHERE email = xx
I've pondered the same issue. I think we'll go with the verified email (Facebook Connect) getting attached to and logged into the existing account with the same email.
Before we connect and log them in we'll explain that the account exist and ask for their password (they signed up using email and password, so they should know it) to ensure it's the right person.
If you support multiple external authentications (Google OAuth, Facebook etc) then you may not have a password, and in that case it gets slightly trickier.
If you do log them in to the existing account without asking for a password, make sure you clear existing sessions to avoid 'anticipation attacks', where an attacker anticipates that the target signs up, creates an account and keep the session after they've signed up and attached to the attackers existing account.