Some social networking have an option: find all friends via a e-mail account. So how does it do that?
it requires your email account password
the social network enters your email account and fetches the contact list
it compares your list with its database of registered profiles (specifically, with the email of the registered users)
every match is a person which you have had contact with in the past.
All of those matches are proposed to you as friend.
This is more or less how it works.
Related
I am implementing an email verification service, with the purpose of confirming that the person registering is indeed the owner of that email address (specifically, that they work at the organisation that the email domain belongs to).
I will send an email post-registration with a single-use link in it that will set their status to verified = 1.
Users can choose to register and log-in using either a simple email/password combination, or by using the Google Sign In service.
My question is: do I need to verify the ones that have registered with Google Sign In? In order to provide their email address to me, they had to sign in with Google, who then confirmed the address. Is there anything I've missed here, or can I immediately consider these users to be the verified owners of these addresses?
If you are using google sign in there is no need to verify the user.
Whereas if have your own login system, then you must verify the email because
if the email is not verified then you cannot have forgotten password feature through email
and also the user might not have actually had the email so anyone else could create the same email and if you have forgotten password through email someone else could easily access others data.
At http://docs.developer.intuit.com/0025_Intuit_Anywhere/0010_Getting_Started/0030_Integrate_your_app/0030_Signing_Into_and_out_of_Intuit_From_Within_Your_App/Sign-in/Implement_SSO_and_OpenID_in_Your_App
it says the following:
"Intuit does not verify the user email address associated with the user's OpenID account. Therefore, do not use the email address for authentication and do not link user accounts based on email address."
What does it mean "do not use the email address for authentication"? I mean, isn't the user already authenticated, through OpenId.
Also it says that the user email address is not verified. But what if my app needs to send an email to a user that has logged through OpenId. How can I be sure the user will actually get the email? What is the recommended pattern to handle that?
Thanks
EDIT: also, can I use the email to uniquely identify a user, and if not, what should I use to uniquely identify a user from the open id response?
EDIT 2: also, is the developer charged when a user logs in with open id and the 36 day trial expires? Or is it just when using the "Connect to quickbooks" that the developer is charged, in which case, open id authentication itself is free?
Clement,
It means when a customer goes to the Intuit Appcenter and creates an account the email is not verified immediately, so you cannot single sign on a user based only on their email address if they already have an account in your system. You need to prompt them to login one time to map the two accounts.
If they are completely new then you can auto provision an account on your side and single sign them in, if you require the customer to verify their email address then you can send them a verification email.
thanks
Jarred
My app collects users' basic information only as part of authentication (i.e. no extended permissions, and this data collection is non-revocable and can't be skipped), and as part of that authentication it will collect users' primary email addresses.
Since Facebook rolled out #facebook.com email addresses for all users, and set those as the default address published on users' pages, does this mean that the #facebook.com email addresses are now the primary email addresses for almost all users, and that my app will now collect the #facebook.com email address? Or will it still collect the email address provided by users when they signed-up to Facebook?
I'm using Register with Facebook as one of the ways to log in to my web app, and expressly ask for the "email" permission..
On login, some of the user data ($facebook->api('/me')) is stored into the users database, however, sometimes the email field just doesn't exist - is this a common problem?
Just a guess...
The facebook documentation says:
note: this field will not be returned if no valid email address is available for the user
Source: https://developers.facebook.com/docs/reference/api/user/
So when an email address become invalid (users who haven't used facebook in years and have destroyed/changed their email address since for example), facebook may stop returning this field.
5% of invalid address may sounds big, but if I check my facebook friends, I think more than 5% of them never use their account, and I wouldn't be surprised if the address they used when they signed in is now invalid.
Users don't always have to provide an email address in order to use Facebook. They can also sign up via SMS, though it's far less common.
In short, FB won't always have an email address, so can't serve it to your app.
Try:
// Just to make sure email are permitted
//$facebook->getLoginUrl(array('req_perms' => 'email'))
// Request email
FB.api('/me?scope=email', function(response) { /*...*/ });
Or:
$email = $facebook->api('user_id?fields=email');
PROBLEMS:
The user changed the visibility of its email address to "only me" and thus you have no way to get it.
The user registered with SMS instead of email as mentioned in the previous answer.
ALTERNATIVE:
If you absolutely need to contact the user but you cannot get its email address nyou can still get its Facebook email (everybody has this email): "user_name#facebook.com".
If the user uses a POP server he will directly receive the email in GMail or others, if not he will receive your email as a private message. The only drawback if this method is that your email must be "plain/text" and not "HTML".
One thing is Users don't always have to provide an email address in order to use Facebook(could have registered through mobile)- as mentioned by Colm. Apart from this-
Please check that if the user has definitely granted you the email extended permission or it hasn't subsequently been revoked. To have a check on this you could use the permissions api-
/USER/permissions
I had similar problem & I found the cause for this. This problem occurs for users who have not set their Primary Email Address (They have many email address but they haven’t pointed out which is their primary email address) under General Account setting tab.
I tried using such accounts on various famous sites which has Facebook login & even they couldn’t retrieve the email address from such accounts.
So, its not the problem with the code(Assuming u have asked for permissions). We just have to handle such scenarios & let users know that we didn’t receive their email address. Like Klout does.
Thanks
In addition to what #Jigar Jain wrote above, users can actually uncheck the email permission during the sign inflow. If that's the case, his/her email address will not be returned by Facebook.
It's up to you to implement a logic that makes login unsuccessful if user unchecks the email permission, to force your users to choose another login method that will guarantee that a return of user's email address.
It is not mandatory for someone to give their email address while signing up with Facebook. An alternate approach would be to ask the user to link their email id in the Facebook account settings. That way you can fetch the email id, if that's a mandatory field in your DB. Otherwise you can continue with the id provided by FB which is unique.
I'm trying to build a web application in which users can invite their friends by using their email accounts (just like facebook). I use OAuth so that users don't need to enter password in my app. The problem is that I cannot figure out what is the correct YQL query to fetch contact names and email addresses from Yahoo social tables, and achieve the same result with facebook's Find Friends feature.
At first I used this:
SELECT * FROM social.contacts(0, 500) WHERE guid=me
With this query I hope I can get all contacts of the current logged in user, at once. But after parsing and selecting only records which have email field, the result list is far less than when I'm using facebook's Find Friends. I guess facebook does not only using Contacts tables, but also Profile tables, as I see it in the Yahoo authorization page when granting access permission to my private data.
So what is the correct YQL query to get all contact names and email addresses, using these two tables ?
After trying some tests, I discovered that when I import email addresses from my Yahoo contacts, Facebook automatically guesses the contact's email address in case that contact does not have an email field, by appending #yahoo.com to its yahooid field. As I see, this is totally wrong. Because with a yahooid, say "john123", the associated email may have an international domain like john123#yahoo.co.uk, john123#yahoo.com.vn etc.
I have a friend in my Yahoo contacts list. He has a yahooid which associates with a #yahoo.com.vn email address. Before importing my Yahoo contacts into Facebook, I made sure that there is no email field in his contact entry, just a name and a yahooid field. After importing into Facebook, Facebook determines my friend's email address as a #yahoo.com email. Of course the Facebook invitation mail never reach him.
And so, the answer to my question is: there is nothing wrong with my YQL. Facebook can fetch more email addresses than I do, but many of them are incorrect.