I am using the server-side authentication flow, and when requesting the email extended permission, once in a blue moon the email address is not sent back, causing my application to break.
That information is required for my application to function properly, so I will modify it to re-prompt the user. But I would like to understand why/how this happens since I cannot find any way to revoke that permission from the application when authorizing. The dialog states that the permission is required. Is this because of accounts belonging to minors that can't give out that information?
I'm requesting like so: https://www.facebook.com/dialog/oauth/?client_id=$appId&redirect_uri=$fbAuthUrl&state=$stateString&scope=email
It's possible that some users simply won't have an email - Earlier, it was possible to sign up for Facebook with a cell phone only - I'm not sure if there's some other reason or, it could be a bug with the API
After much head banging, I found this bug filed with Facebook that I think is responsible:
https://developers.facebook.com/bugs/487563591260030
Related
How would I get the email address associated with an active Facebook App ID, if all the usual methods (such as here, and here) don't return any email information with my creator-uid?
(I simply don't get the email field returned, even when I specifically request it as per here. I don't think this is a case of this as I didn't get an "App has no owner" error, or any error whatsoever.)
I've also tried this, but I'm in a catch-22 as I can't log in to select the application first.
I'm looking for the owner email address, so I can log in to make administrative updates following graph API updates.
Other specifics:
I get the following when I hit the Graph API via: https://graph.facebook.com/{my-app-id}?access_token={my-access-token} or https://graph.facebook.com/{my-app-id}?access_token={my-access-token}&fields=email
{
"name": "my-name",
"id": "my-creator-uid" }
I've tried to recover my FB account using all emails I can think of, but FB says 'no account exists' for each that I try. (This is a data-analytics corporate account being used to gather data for 12+ months, so I can't simply create a new account/app ID and start using that instead, as app-scoped user IDs will change.)
I've also tried viewing https://www.facebook.com/app_scoped_user_id/{my-creator-uid}/ and https://www.facebook.com/{my-creator-uid}/ from another company FB account, but both get:
Sorry, this content isn't available right now The link you followed
may have expired, or the page may only be visible to an audience
you're not in.
What else would you suggest? What might have happened? I've tried to contact Facebook, but that search led me to this forum post, so I'm here. Thank you in advance for your help.
This is not a programming question, try to get in touch with the Facebook Team, if you are working with Facebook paid services (like Advertising) you might have an account representative that can accelerate the things a little bit (But this can be a really long wait).
A more realistic option is to create a new profile and an new app, also your application will be reviewed as well (Take a little less time than previous option).
I started a submission for two permissions (manage_pages and read_insights) and it has been approved.
How can I re request the permissions now?
The thing is, that I already used the permissions in my web-app, but I was missing the changes on April 30. That means, my customers already accepted the permission before, but in case of the changes, they had been removed.
This is what my authentication code is looking like:
https://www.facebook.com/dialog/oauth?client_id={my appId}&redirect_uri={my redirectUri}&auth_type=rerequest&scope=user_friends,email,public_profile,manage_pages,read_insights
This is not working at all... I was already using Fiddler to see what's going on and it says, that I declined the permissions. But I was not even able to accept them because I wasn`t asked.
Can someone help me please?
According to the docs you need to add the auth_type=rerequest parameter to the request, as you already seem to do:
https://www.facebook.com/dialog/oauth?
client_id={app-id}&
redirect_uri={redirect-uri}&
auth_type=rerequest&
scope=user_friends,email,public_profile,manage_pages,read_insights
See
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.3#reaskperms
The behavior you experience might be because you didn't went through Login Review, which you need to do if you want to use the extended permissions in your app.
See:
https://developers.facebook.com/docs/facebook-login/review/…
Try with one of your app's admins/testers/developers and see if it works then.
Is it possible to figure out reliably what the Facebook email of any Facebook user would be? I know earlier this was not possible because not all users had a username. But I believe that has changed since...
I'm trying to figure out a way to let a user send a direct message to their friend through my app. The Request feature is pretty messed up now as you cannot send a custom message, which means most friends are probably going to ignore the request.
The type of messages that I am trying to let my users send to their friends would not be considered spam by Facebook, as these are messages sent directly from the user to their friend, except it is done through the app. But it's pointless if the message just says "Joe wants you to try this app..." The usefulness of an app on the Facebook platform is becoming questionable now.
I think that facebook terms and conditions disallow this...
Facebook messaging (i.e., email sent to an #facebook.com address) is designed for communication between users, and not a channel for applications to communicate directly with users."
Despite your caveat at the end of your post I believe that facebook would consider this a message from your app to the user.
In terms of your question, then the user data returned includes 'username' which is the information you need to create the email address.
Is it possible to figure out reliably what the Facebook email of any Facebook user would be? I know earlier this was not possible because not all users had a username. But I believe that has changed since...
Yes, now every user should have a username set – if not by themselves, than FB will have chosen one for them.
Besides that, I think writing to userid#facebook also works.
But I agree with combinatorial’s answer – Facebook explicitly says that this should not be used for app-to-user communication. To judge if your case is OK is up to you – otherwise you might consider using the send dialog instead, that’s more of the “designated” way to have users communicate “through” your app.
If what you are looking for is to give them a new message notification, it is not going to work. Because, if you send an email to the facebook email, it will land in the Others folder in the message box, which is like a spam box.Try mailing your own #facebook id and see what happens.
And Facebook doesnt give any documentation of how to get users #facebook email, most probably because they dont want developers to use it.
Why dont you mail them directly? You can easily get their email by adding email to the scope, and you can catch the email easily too.
$data = file_get_contents("https://graph.facebook.com/me?access_token=xxxxxx");
$data = json_decode($data,true);
$email = $data['email'];
Is that a viable option in your case?
Facebook Graph API.
I am requesting email permission and it works all fine except for some users, the json does not return email field. I am not sure why this happens. The code is same and it works great for all users, returns email field except 1 in 100 or so users where it does not have this field in json. All other fields are there.
Has anyone faced this problem before ??
I checked the facebook privacy settings and there is nothing that prevents email from coming in json if user grants email access to facebook app, yet this is happening to me. I searched the net and no one else seems to be facing this issue.
Any hint would be appreciated
Never makes assumptions about what Facebook will send you, never expect every field to be present and never expect a Graph request to do what you want.
Facebook sometimes do things like this, a missing field here and there, a cryptic and unexpected error somewhere else… While it can be no harm be aware that it also happens in critial places like in the signed_request sent when an user launches an app.
You also have to know that 'your' Facebook may not be everyone else's Facebook. They do geographic and somewhat random deployments of their code. An option to hide your e-mail address to every application could appear for someone but not for someone else, without any particular reason.
Considering your particular issue, I doubt there is an option to hide you e-mail address to an app who has the mail permission, but if the permission is not mandatory someone could accept your app and cherry-pick optional permissions later.
I dealing with this issue recently. Apparently, facebook only promise to return "valid email" address. Some account do not having any "valid email". They can be account who using phone for validation, or account that email is expired. I tried with a account which email, lets said "xxxx.gmail.com" is expired, when query that account graph, i unable to get any email shows(by using facebook debugger). However, when i login xxxx.gmail.com in gmail, and re-activate the email, and i query graph api again for the account, it able to return me email.
had the same issue for a while, which caused some heavy head banging against the wall.
in my case the issue was due to the fact that some users have unverified emails or no email at all (when signing up via mobile/SMS).
in this case facebook will not provide an email on the response.
from the facebook docs:
note: this field will not be returned if no valid email address is
available for the user
sources:
https://github.com/mkdynamic/omniauth-facebook/issues/61
Register with Facebook sometimes doesn't provide email (sebastian's and colm's answers)
https://developers.facebook.com/docs/reference/api/user/
The only thing that worked for me was requesting for permitted fields through the API:
FB.api("/me", {fields: "email,..."}, callback)
This totally fixed the issue.
Hope that helps.
I hope this is allowed but I have a number of questions regarding Facebook Connect, I'm quite unsure on how I should approach implementing it.
I am working on a live music type service and currently have user registration, etc. If I were to implement Facebook Connect alongside this, would I still be able to email the Facebook Connect users as if they were on my database?
Also, would it instead be possible to let users who have Facebook "link" their accounts once registered so I am able to give them the benefits of sharing via Facebook and inviting friends while still having an actual registered user on my system.
I have tried to read up answers to the above questions but what I've found is quite ambiguous.
Thanks, look forward to your views.
Facebook's documentation process is very poor, so don't feel bad about having a hard time getting started. Their wiki-style approach to documentation without any real official documents tends to leave the "process flow" tough to grasp, and requires piecing together parts of a bunch of randomly scattered docs.
Facebook has an obligation to protect privacy, so they never make a user's actual email address available to application developers, through Connect or normal applications. They do have a proxied email system in place that you can use, however, you must get explicit permission from a user in order to email them. There's a decent document on proxied email here. You can get permission by prompting for it; there's several methods for doing so linked in that document.
In regards to linking Facebook and local accounts, this would definitely be the way to go. Once a Connect user logs in, you want to store that fact for that user so you can provide the Facebook-specific functionality. I would simply create a normal user account in the database for every new Connect user that came by, with it's own local id, so that you don't have to do special handling of two different types of user accounts all over the site. That being said, the account would obviously have to be marked as a Facebook user's account (I use an externalId column in my users table), and any part of the site that relied on information you might otherwise have locally would have to handle the Facebook aspect properly (such as using proxied email instead of normal email).
For existing users, you could arrange an "account link" by having a process whereby they log into FB Connect after they've logged into the site already, and you could detect that and simply add their FB id to your users table. After that, they could log in through Connect in the future, or through your normal process. I've never done this, but it should be possible.
If you write the account handling code generically enough, your site will be able to function well no matter what kind of user you throw at it.