
I am using Rails 3 + Devise 1.5 + OmniAuth via the omniauth-facebook gem to allow users to sign up for my app via Facebook.

I have everything working smoothly, except that once in a while, I have someone sign up for my app using Facebook, and the authentication hash doesn't contain the user's email (although it includes many other attributes). Again, most of the time I do get the email, but why is it not included some of the time? Is there a way for a user to set his Facebook privacy settings in such a way that my app can obtain all sorts of info such as name, gender, and timezone, but not the email? I tried to make my own email in my Facebook profile private, but I was still able to log in to my app with Facebook.

Here's an example of a hash I received that's omitting the email (actual info censored):

"name"=>"XXXX XXXXXX", "first_name"=>"XXX", "last_name"=>"XXXXXX", "image"=>"http://graph.facebook.com/XXXXXXXXX/picture?type=square", "urls"=>{"Facebook"=>"http://www.facebook.com/XXXXXXXX"}}, "credentials"=>{"token"=>"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "expires_at"=>1329364800, "expires"=>true}, "extra"=>{"raw_info"=>{"id"=>"XXXXXXXX", "name"=>"XXXX XXXXXX", "first_name"=>"XXXX", "last_name"=>"XXXXXX", "link"=>"http://www.facebook.com/XXXXXXXXX", "username"=>"XXXXXXXXX", "gender"=>"female", "timezone"=>-5, "locale"=>"en_US", "verified"=>true, "updated_time"=>"2012-02-15T00:01:23+0000"}}}

Thanks very much in advance!

Rebitzele

2 Answers


There are at least a couple of reasons this could happen:

  1. The person signed up using a mobile phone number instead of an email address, so they have no email address registered with Facebook. (see "Facebook Login Basics" help page which confirms you can do this: https://www.facebook.com/help/418876994823287)
  2. They have an email address registered with Facebook, but it isn't confirmed. According to this question, "Is it possible to check if an email is confirmed on Facebook?", Facebook won't return an unverified email address (though they had to provide a phone number to confirm the account before logging in). I haven't confirmed this behaviour though.
Tim

When a user is presented with Facebook's authentication dialog, they have the option to disallow sharing their email address with you before approving the authentication. Perhaps this is causing it to not show up in the auth hash.

Try revoking your test account, then reauthorizing through your app. At Facebook's dialog, it should list all of the permissions you request including email. At far right is a gray "X" that will disallow a certain permission. Try disallowing email and see if it reproduces what you're experiencing.

I believe this is a separate privacy control from the email privacy settings.

Substantial
  • Hi, thanks for answering - but in my dialog I don't see any gray X at all. My dialog appears similar to the examples found [here](http://developers.facebook.com/docs/authentication/) – Rebitzele Feb 16 '12 at 15:09
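
One way to cope with both situations raised in the answers above (no email on the Facebook account, or email not shared), as an added example that is not part of the original posts: key the account on OmniAuth's `provider` and `uid` and treat the email as optional. `UserStore` and the sample hashes are hypothetical stand-ins for the app's User model and real callbacks; the `provider`, `uid` and `info` keys follow OmniAuth's auth hash layout.

```ruby
# Added example, not from the original posts. Plain Ruby, no Rails or Devise required.
# UserStore is a hypothetical in-memory stand-in for the app's User model.
class UserStore
  def initialize
    @users = []
  end

  def find_by_identity(provider, uid)
    @users.find { |u| u[:provider] == provider && u[:uid] == uid }
  end

  def create(attrs)
    @users << attrs
    attrs
  end
end

# Pull out only the fields needed, treating email as optional.
def extract_identity(auth)
  provider = auth["provider"].to_s
  uid      = auth["uid"].to_s
  raise ArgumentError, "auth hash has no provider/uid" if provider.empty? || uid.empty?

  info  = auth["info"] || {}
  email = info["email"].to_s.strip.downcase
  { provider: provider, uid: uid, name: info["name"],
    email: email.empty? ? nil : email }
end

# Returns [status, user]. Accounts are keyed on provider + uid, so a login
# without an email still maps to the same account on every visit.
def sign_in_from_omniauth(store, auth)
  identity = extract_identity(auth)
  existing = store.find_by_identity(identity[:provider], identity[:uid])
  return [:signed_in, existing] if existing

  user = store.create(identity)
  [user[:email] ? :created : :created_needs_email, user]
end

# Constructed sample hashes (all values are made up).
WITH_EMAIL = { "provider" => "facebook", "uid" => "1001",
               "info" => { "name" => "Ann Example", "email" => "Ann@Example.com " } }
NO_EMAIL   = { "provider" => "facebook", "uid" => "1002",
               "info" => { "name" => "Bob Example" } }

store = UserStore.new
[WITH_EMAIL, NO_EMAIL, NO_EMAIL].each { |a| p sign_in_from_omniauth(store, a).first }
```

In a Devise callback controller, the `:created_needs_email` status is the point at which to redirect to a form asking the user for an address, rather than failing validation on a blank email.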