How to get facebook's friend email? Or their email hash?
it is not possible. if you take a closer look at the existing extended permissions , email for friends is not available.
Sadly (and also thankfully!) you are unable to do that.
http://developers.facebook.com/docs/reference/api/ should show you all the things you have access to through the Graph API. You can get their profile information - gender, friends, date of birth and all that, but the email is secured.
On http://developers.facebook.com/docs/authentication/permissions you can see the following:
email not available Provides access to the user's primary email address in the email property. Do not spam users. Your use of email must comply both with Facebook policies and with the CAN-SPAM Act.
So it looks like it may have been once, but at the moment and for the foreseeable future, it's not possible to access it.
Related
I am working on Google Action for Google Assistant. Our custom Action relies on user's phone number to get additional information from external server.
According to the official guide you can use Account linking with Google Sign-In to get some user information from Google ID token:
name
given_name
family_name
profile_picture
email
locale
I know that you can fill out optional contact fields in Google account like address and phone number.
Does anyone know if Google ID token contains this optional information or no?
The answer depends.
Some basic personal metadata is available through Google Sign-In. With regards to the other fields:
Address
This information is not easily accessible. You can use an in-dialog permission to access the current location, but not the home address necessarily.
If your Action uses physical transactions, then you can get their address in order to ship items. But you shouldn't use this as a way to get the address if you're not shipping items, and such an attempt would be detected during review.
Phone Number
No, this is not something you can readily access. For general things like notifications, Google Sign-In gives you an email address. You also shouldn't ask it in your Action. The review team won't be happy with that, and the voice transcription doesn't work very well for long numerical sequences.
Gender
No, this is not something that is part of the Google Sign-In, and there's no helpers. With regards to asking it yourself, I don't think the review team would have a problem, although you may want to consider whether it's necessary for a good voice design.
No. Address, phone, and gender are not available fields/claims in Google's ID Token (JWT).
See: https://developers.google.com/identity/protocols/oauth2/openid-connect#an-id-tokens-payload
I'm about to use one of those multi-provider authentication frameworks Opauth or Hybridauth (don't know which is the best but I had a little preference for the second one) so the consequence is that I have to manage multi account.
In fact I already have my own account management (login+password+email) and I had last year facebook users. Now I will have to deal with Twitter account, linkedin account, etc...
So the question is easy : how to manage the username ?
For instance, John create a account on my site. So "John" login/username is taken. But if another John from Facebook then another one from Twitter arrive, what i'm supposed to do ?
In Stackoverflow (or elsewhere), what is the practice ?
I don't want a John write on the behalf of another John. Today with my own system, I verify that the login (username) is unique. If not I reject the user. But now ?
I thought that I can check the email but... I learnt that email address can't be the key because of Twitter that doesn't give it to you.
Hope I'm clear enough :)
regards
As you say it's not possible to just retrieve the username from different sources and just store it. I don't know how it is done here in stackoverflow but if you try to register the name is optional so probably it is not an unique key. I can't see the way to login with twitter here so I bet that email is a unique key.
I'll try to answer your question but I've only used facebook API so maybe this can't be done with others. I suppose that each API gives you something you can store in your database and use it later to identify your user against their API.
If you allow users to register with facebook (or gmail, twitter...)then you can use the next approaches (I'm sure there are few more):
They always login with facebook (or twitter, gmail...): you store a record for them inside your database with the key provided by the API and other useful info you can collect. As you said each API gives you different things so you have to think in advance what you really need to provide your users with a good experience: is their name needed? age? If you need more data than the provided by the API you should jump to the next approach or prefetch it and make it editable before. Here you don't ask your user for a password so they can only login with facebook not with a login form, if a user tries to authenticate with facebook (or twitter, gmail) again you know which key you have to look for and authenticate your use.
The can create an account and link it with facebook (or whatever): you ask for facebook permission and then prefill a form for them to provide the data that is missing (password, mail if they use twitter...) and then create the record storing the unique key provided by the API as well to proceed exactly as step 1 if they use their facebook accounts to login. If you asked for a password and an email they can use a standard login form as well.
You can use the first approach and ask the user to change the attribute that is in conflict with other user (name in your case) or even ask to fill what is missing depending on which social network they are using to sign in. You can use name+surname as username to reduce the colission possibility if this is what you want to store to identify your user.
Hope this helps
HybridAuth gives you an excellent way to integrate your site with the social media...
http://hybridauth.sourceforge.net/
This should also help...
Is it possible to figure out reliably what the Facebook email of any Facebook user would be? I know earlier this was not possible because not all users had a username. But I believe that has changed since...
I'm trying to figure out a way to let a user send a direct message to their friend through my app. The Request feature is pretty messed up now as you cannot send a custom message, which means most friends are probably going to ignore the request.
The type of messages that I am trying to let my users send to their friends would not be considered spam by Facebook, as these are messages sent directly from the user to their friend, except it is done through the app. But it's pointless if the message just says "Joe wants you to try this app..." The usefulness of an app on the Facebook platform is becoming questionable now.
I think that facebook terms and conditions disallow this...
Facebook messaging (i.e., email sent to an #facebook.com address) is designed for communication between users, and not a channel for applications to communicate directly with users."
Despite your caveat at the end of your post I believe that facebook would consider this a message from your app to the user.
In terms of your question, then the user data returned includes 'username' which is the information you need to create the email address.
Is it possible to figure out reliably what the Facebook email of any Facebook user would be? I know earlier this was not possible because not all users had a username. But I believe that has changed since...
Yes, now every user should have a username set – if not by themselves, than FB will have chosen one for them.
Besides that, I think writing to userid#facebook also works.
But I agree with combinatorial’s answer – Facebook explicitly says that this should not be used for app-to-user communication. To judge if your case is OK is up to you – otherwise you might consider using the send dialog instead, that’s more of the “designated” way to have users communicate “through” your app.
If what you are looking for is to give them a new message notification, it is not going to work. Because, if you send an email to the facebook email, it will land in the Others folder in the message box, which is like a spam box.Try mailing your own #facebook id and see what happens.
And Facebook doesnt give any documentation of how to get users #facebook email, most probably because they dont want developers to use it.
Why dont you mail them directly? You can easily get their email by adding email to the scope, and you can catch the email easily too.
$data = file_get_contents("https://graph.facebook.com/me?access_token=xxxxxx");
$data = json_decode($data,true);
$email = $data['email'];
Is that a viable option in your case?
I am working on a project related to both school and work where I would like to combine data from a college entrance application (which includes email address) and Facebook data, even a minimum amount of data, such as number of "friends" or any other public info they've put out there. Am I correct that you can't really programmatically search Facebook by email address? Feel free to make any suggestions.
Thanks
You can search Facebook by email address, you just can't reliably search Facebook by email address.
For instance, you can make this query with a user access token:
https://graph.facebook.com/search?type=user&q=USER#EMAIL.NET&access_token=TOKEN
I've tried this with a few people I know who are on Facebook, where I know their email address, but I am not friends with them. (Mostly my wife's friends).
In my testing, only about 20% of these queries return a Facebook user_id. I'm not sure if they don't have the email I know linked to their user account or if they have their privacy set to restrict their email address.
Once you have their user_id, you can access all their public information at
https://graph.facebook.com/USER_ID
You don't need an access token to get this information.
I'm using Facebook Connect along with the Facebook Graph API to fetch user's email addresses when they sign up to my site. This works perfectly over 99% of the time but sometimes when I query the Graph API for a user's data after they have given my site permission, including the email permission, Facebook returns a large number (eg. 14036774009) as the person's email address.
So far, the numbers are always different and are always 11 digits long and all the other user data from the Graph API is valid. I've never been able to replicate this problem with a Facebook account that I control.
In some ways, the large number reminds me of the random proxy email addresses that Facebook generates for people who opt to give 3rd party apps a forwarding address instead of their main address (the proxy addresses look something like this: apps+148742679521093.617890126.8a2b26037e1ccd06bb81aaec5925f4c7#proxymail.facebook.com)
Can anyone explain this behavior or a way to fix it (and always get valid email addresses)?
It's a bug. Has already been reported to Facebook:
https://developers.facebook.com/bugs/298946933534016
It seems to be happening even when using the graph explorer - https://developers.facebook.com/tools/explorer, but only for some users. In my case about 0.2% of the time.
So until it is fixed you have 2 options:
If Facebook gives you a bad email value, ask the user for his/her email manually.
Save the long lived access token and try again periodically to see if you get the correct email back.
Are you still using the old auth dialog somehow?
The ability to provide a proxy email address is only in the old auth dialog
This happens for people who sign up to Facebook with their mobile phone number and the number returned is just that.
There is no option to get at the users' email address because he may not have given it to Facebook yet.