Intermittent missing email address in facebook API

Question

My application uses the "https://graph.facebook.com/me" request with an OAuth token to obtain properties about the user. Email address is one of the properties we need, and we do explicity request that permission when we request access.

It's working fine 99% of the time, but on a few occasions the response comes back without any object in the jSON data named "email".

Is there an explanation as to why this might happen, such as a way a user could grant us permission but still block their email address? Or could it be found under another key?

Thanks.

Answer 1

Short answer: Not all users have an email address available and those who do may not have a valid, reachable email address

The documentation for the email field of the user object ( https://developers.facebook.com/docs/reference/api/user/ ) clarifies the expected behaviour here, which is: "this field will not be returned if no valid email address is available"

There are a number of circumstances in which you may think a user should have an email address returned but they will not. Some common reasons:

• No Email address on account
• No confirmed, verified email address on account
• User entered a security checkpoint which required them to reconfirm their email address and they have not yet done so
• Users's email address is unreachable

You also need the email extended permission (which users can choose not to allow), even for users who have a valid, confirmed, reachable email address on file.

Answer 2

The mobile signup form at http://touch.facebook.com/r.php allows you to signup with an email address or phone number. So I don't think all Facebook users have an email address stored with them.

Answer 3

The user can revoke the email address permission on the app privacy settings page without revoking the full application. You could first call /me/permissions to make sure the email permission is still granted.

Answer 4

If you are using facebook SDK 2.4 or higher you need to add "fields" in the strategy

Below is an example for oAuth library.

FacebookStrategy.php line 131

BEFORE:

$me = $this->serverGet('https://graph.facebook.com/me', array('access_token' => $access_token), null, $headers);

AFTER:

$me = $this->serverGet('https://graph.facebook.com/me', array('access_token' => $access_token,'fields'=>'email,name,first_name,last_name,age_range,gender'), null, $headers);

Regardless of the field list, if you want to get more information that is not by default provided by Facebook, the permissions need to be in the "scope" array.

Default data provided by SDK includes: email, public profile, user_friends