I am developing an MVC 4 app and use the OAuth providers provided by MS, but I would like to get an e-mail address for every user. For Google (default) and Facebook (using FacebookClient) I already get the users address, but what to do about the following:
And what about, when it is not possible via OAuth like with Twitter?
I've read in different threads it is not good/secure to just ask the user for it. Is it "secure enough" if I also require a verification via e-mail to actually use the address (but not the account in general) as I (will) do when changing the address?
The purpose of OAuth is not to provide email addresses, its to provide authentication in a standardized way. Just because a lot of the implementations also happen to give you the option of an email address doesn't mean that all of them must comply. Twitter is a case in point.
Why would asking a user for their email address not be "secure"? I would question that, I mean if you can't trust a users input regarding their email address, what can you trust them with? If you're using some sort of confirmation mail system it would surely be fine?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With