Why E-Mail is empty when you signup/login with Facebook?


(Stan Tyan) #1

Hi,

I apologize for maybe opening a duplicate topic, but I’m confused as heck… I’m running a clean install on a fresh Linode VPS, using your official docker instance. Installed and configured it the way you guided. Facebook login was also configured by following your guide.

I’ve read several topics about people having the same issue. Still it’s really confusing for me. Why it does not pull verified email address from a valid facebook account that granted access to his/her email address explicitly during authentication popup?

The biggest surprise is why it’s working ok on official http://meta.discourse.org using the same facebook account and does not work on my fresh install using the docker image?

Steps on my website:

you can see that you allow to share email:

and after you click Okay and get redirected back to website:




And if I’m doing the same steps using the same facebook account but now on meta.discourse.com, I’m getting this result:

I tried on http and https, same issue.

Simple question: Why?

Continuing the discussion from Configuring Facebook login for Discourse

Continuing the discussion from Why showing blank email box during Facebook sign up?


Configuring Facebook login for Discourse
(Khoa Nguyen) #2

You can see the reason here


(Thomas Purchas) #3

That doesn’t explain why the behaviour is different on meta compared to a fresh install.


(Sam Saffron) #4

Because the user did not authorise Facebook do share email with said site?


(Thomas Purchas) #5

In my testing I was very careful to make I did share my email.

On my test site I went through the flow several times, changed my primary contact, and reauthorised my email address. Nothing I did could persuade Facebook to pass my email address to my fresh discourse install.


(Stan Tyan) #6

Hi @sam, as one can see from my previous screenshot 2015-11-22 16-33-03.png I did authorize a facebook application to share email address.


(Stan Tyan) #7

I have dug into this issue on Facebook platform forums too and found this:
https://developers.facebook.com/bugs/487563591260030

Scroll down to comments section and you will see that many people experience the same problem. So apparently it’s facebook’s platform issue/bug/newpolicy or whatever.

However one man who is using ruby on rails and the omniauth-facebook gem has shared this as SOLVED:

Are we using the same omniauth-facebook gem in Discourse? If yes, maybe we can somehow update it to latest version.

It does not matter if I’m using a freshly created facebook app for this Web OAuth to my new discourse, or using an old proven to work facebook application. Did some testing, still not working.

Another related thread on Github with some fresh comments:


(Mittineague) #8

The Gemfile.lock file has
omniauth-facebook (2.0.1)

The omniauth-facebook/CHANGELOG.md file has

3.0.0 (2015-10-26)

Changes:

Remove query string from redirect_uri on callback by default (#221, @gioblu)
Signed request parsing extracted to OmniAuth::Facebook::SignedRequest class. (#183, @simi, @Vrael)
Change default value of info_fields to name,email for the graph-api-v2.4. (#209)

Would any of those break other things?


(Jeff Atwood) #9

I am fine with updating OmniAuth if it helps.


(Francis Brunelle) #10

I know exactly why this issue is happening to some people but not others.

It’s because newly created apps can’t access earlier versions of the Facebook API. For example, I just created an app today and as you can see in the screenshot, its API version is v2.5.

When you hover over the small question mark next to “API Version”, it says:

This is the oldest version of the API this app can access. Any call to a version earlier than this or unversioned call by this app will automatically get upgraded to this.

I configured my Discourse forum to use this app and then I did a test to see if the Facebook login was working properly. But it wasn’t really working: the email field was empty even though I had authorized Facebook to share my email with my Discourse forum.

On the other hand, when I configured my Discourse forum to use an app running v2.3 of the Facebook API (I modified an existing app I had created a few months ago but that I wasn’t using anymore), it worked!
“Your email has been authenticated by Facebook”

This is due to a change that was introduced in v2.4 of the Facebook API, as explained in this blog post.

Fewer default fields for faster performance: To help improve performance on mobile network connections, we’ve reduced the number of fields that the API returns by default. You should now use the ?fields=field1,field2 syntax to declare all the fields you want the API to return.

So starting with v2.4, the email field is not included by default.

This has an impact on the omniauth-facebook gem, because it means that the email field is not included for apps running v2.4 or later of the Facebook API.

To address this, omniauth-facebook added a default value for info_fields to make sure that the email was included by default. This change was made in PR #209 and released in v3.0.0.

Discourse just needs to be updated with omniauth-facebook v3.0.0 (instead of v2.0.1).

Cheers!


(Stan Tyan) #11

Hi @frabrunelle ,

So Discourse still has omniauth-facebook v2.0.1?

I thought it was approved to update it to v3 a month ago.

Somebody, please update omniauth-facebook to v3, we really need it.

Thank you in advance!


(Francis Brunelle) #12

Yes, Discourse still has v2.0.1, as you can see in its Gemfile.lock.


(Sam Saffron) #13

Sure will update this today