I know this is not a right question for SO format. I am asking as many experts are here.
My friend have a fake account (this fake account is not in my friend list). I want to know the email id with which he logged in for the fake account.
I tried http://graph.facebook.com/username.
Here username is the userid or the username (that FB creates).
Is there any way where I can get the user email id with which the user gets logged in?
Given that revealing a person's email without consent would be a violation of that person's privacy, this is not possible.
The only way to get access to this data would be to have the user grant the email permission to your app, at which point you could use /me?fields=email.
Related
Initially, we have enabled FB login to one of our iOS app. At that time, we were only storing Facebook unique number in our database for user's unique identification purpose. Now that our customer is asking us to enable Google Login, since we didn't store user's email address at the time of their login, it became tricky for us authenticate existing FB users if at all if they want to use Google login. Consider, user is using google email as their FB login. Now we need your help in getting user's email id by using FB unique number which we already have it in our db. Your help in this regard would be highly appreciable. Thanks in advance.
There is no way to get the email of a user on Facebook, unless he specifically authorized your App with the email permission.
I'd like to offer our users a Facebook login option. But I'm not sure how to identify existing users (without a stored Facebook ID).
From the docs:
https://developers.facebook.com/docs/facebook-login/multiple-providers#addingfacebook
After a successful login using Facebook, you will have the person's
email address, Facebook ID, and access token. Your app should search
for an existing account that has been created with that same email
address. If one exists, you should merge the two accounts and add
the Facebook info to the existing account - as recommended above.
That doesn't sound like a secure approach to me. What would prevent someone from creating a new Facebook account with a fake email address that matches a user account in my app and then use my Facebook login option? (Obviously, this will not work if the user already owns a Facebook account)
Your concern...
That doesn't sound like a secure approach to me. What would prevent someone from creating a new Facebook account with a fake email address that matches a user account in my app and then use my Facebook login option? (Obviously, this will not work if the user already owns a Facebook account)
TL;DR
Facebook Registration process
Go to facebook.com/reg.
Enter the name you go by in everyday life.
Enter your email or mobile phone number.
So...
Facebook needs your email or phone number, that means there's no way someone can use another account's email or phone number to sign up again.
My advice to you is...
You have two or more authentication methods - 1 manual (email & pass) | the rest (social login).
You already have users, so when users login using OAuth and a matching email or phone number is found, you ask permission to link their Facebook account to your app or site account with a matching credential.
At this point you should authenticate the persons identity one last time, by having them enter the password for their account on your app or site.
Now you can safely assume this person is who they say they are and store their info in your DB.
I'm creating a website that people can send sms from my website, I want to implement facebook login to my website and any one who logs in to my website using his facebook account and doesn't have an account in my website i want to create one for him. as he should later enter his phone number and verify the number and without having an account in my website its not possible. now the problem is if I use his facebook username to create the account it might cause duplicate name (as someone else might have got that username).
I will of course combine the information of the existing accounts when someone uses facebook login which have already account in my website. this is not a problem.
what would you suggest?
thanks in advance.
Dont use the Facebook user name as the userName column of your users database. You can get many other unique information from a Facebook user, like e-mail or facebook ID. Use them to "connect" between the information from your database details and the info you receive from Facebook.
For example:
When signing up to your website, one of the fields you can ask is the facebook login e-mail. Thats how a user would have the option to login to your website by Facebook, without any connection between his facebook user name and your user name.
In your user details table, just add a facebookEmail column, then, after you implement the Facebook Login API and a user login, check to see if his e-mail (from facebook) is in your table.
now the problem is if I use his facebook username to create the account it might cause duplicate name (as someone else might have got that username).
Well, then either build in a check if the user name is still free and if not prompt the user to enter a different one; or
automatically chose a different user name, f.e. by using a counter – if the user name from Facebook is foobar and this is already taken, then check if foobar1 is available, etc.
If creating it automatically, maybe you want to give the user the possibility to change it afterwards.
Am developing a system for an app to award points users for recruiting their friends. When the friend accepts the request I can retrieve the id of the person who invited them but can not find their email.
Have tried:
$fbInviter = $facebook->api("/$inviterId", 'GET');
$fbInvEmail = $fbInviter['email'];
but it appears ['email'] isn't in the returned array.
The app requests permission from each user when the first access it aswell as requesting offline access so permissions shouldn't be a problem.
Any ideas?
There is no way to get the email address for a Facebook user other than the current user, and the current user's address is only available if they've granted you the email extended permission
I own an application which has already granted the send-email extended permission. Unfortunately I didn't record the email address's upon their login process. Is there any way to get email of users now, even if they are not logged in?
Keep in mind that they have already granted the email extended permission, but unfortunately I didn't store their emails.
If you recorded their Facebook user ID, you could try to call graph.facebook.com/userID?access_token=... with your application access token or appID|appSecret.