Has Facebook always verified the email addresses for their users? I am building an app with Django (using python-social-auth) where I want people to be able to login with their Facebook account. As far as I understand, the email is always verified. Even in the case when the person who has signed up used his/her phone number. If they enter an email later on, this email will still be verified.
However, I am not sure this was the case earlier. Can we trust that all the emails have been verified by Facebook for all the accounts?
We send email confirmations to help keep your account secure. Learn more about what you can do if you're having trouble accessing your account. To confirm that you own this email, click on the link in the confirmation email.
To confirm your mobile number, enter the code you get via text message (SMS) in the Confirm box that shows up when you log in. Learn what to do if youdidn't get the SMS. To confirm your email, click or tap the link in the email you got when you created the account. Learn what to do if you can't find the email.
We ask you to do a security check if we think your account's security might have been affected. To get back into your account if you're being asked to do a security check: Log into Facebook and follow the instructions to confirm your identity.
If you created a Facebook account with an email, we sent a confirmation link to that email. If you can't find your confirmation email: Check your junk mail folder. If you're using Gmail, check your Social emails.
More recently, the short answer is: Yes, if you get email from Facebook, this is verified email.
Also, remember that users may not have it set (i.e. phone registration) and probably, if you want to handle them, you will need to extend your pipeline to verification. (But that allows you to handle for example twitter)
Anyway, more info in twin topic: Is it possible to check if an email is confirmed on Facebook?
In case anyone finds this question again, as of 2021, Facebook's documentation says that the email obtained from Facebook needs to be verified.
"1. Ensure the Facebook Login email address is verified
If you use an email address as the unique credential which identifies each account, your app should verify that the email address associated with the person's Facebook account (and obtained during Facebook Login) is valid. You can do this by creating code in your app to send a verification email to the address obtained after Facebook Login."
Source: https://developers.facebook.com/docs/facebook-login/multiple-providers#postfb1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With