Userinfo (Facebook identity) doesn't return email address

Using FlutterAppAuth, I invoke authorizeAndExchangeCode to authenticate user and obtain the access token. It’s working well.

Then I invoke the API call userinfo with that access token to obtain some profile information (Just interested in name, profile picture, email address).

It works well for users who authenticated with Google, but for Facebook, I just don’t receive the user email in the response, and I can’t figure out why.

Here’s the scopes parameter that I use with authorizeAndExchangeCode:

scopes: <String>[
          'openid',
          'profile',
          'email',
          'offline_access',
]

Here’s the return provided by /userinfo when user authenticates with Google (email is included, it’s correct)

{"sub":"google-oauth2|10790108857xxxxxxxxxx","given_name":"Eva","family_name":"My surname","nickname":"acalpixca","name":"Eva My surname","picture":"https://lh3.googleusercontent.com/a-/AFdZucrYYp5TNJBMAvm4k6VZ-1ydZ_H2v0hjxxxxxxxxxx=s96-c","locale":"es","updated_at":"2022-09-07T16:57:30.591Z","email":"xxxx@gmail.com","email_verified":true}

And here’s what I get for Facebook authentication (no email included :frowning: )

{"sub":"facebook|10227469705xxxxxx","given_name":"Eva","family_name":"My surname","middle_name":"my middle name","nickname":"Whatever","name":"My full name","picture":"https://platform-lookaside.fbsbx.com/platform/profilepic/?asid=10227469705xxxxxx&height=50&width=50&ext=1665161608&hash=AeSBydokjMvElZjvbHA","updated_at":"2022-09-07T16:53:28.234Z","email_verified":true}

Anyone has this working? Any tips anyone? Many thanks!!!

Hi @acalpixca ,

Welcome to the Auth0 Community!

Facebook does not require users to have or share their email addresses. The email address not being returned could be due to either of the two situations:

  1. The user’s Facebook account is set up with a phone number rather than an email address (no email address is present to be returned)

  2. The user did not grant permission to access their email address; upon signup, users can choose whether this information is shared

If this occurs, the user’s email address needs to be added after account creation. Could you try updating the user by adding an email and trying again?

Thanks!

Dear Lihua, thanks so much for the answer. It makes sense in my context - the Facebook user email has been verified (hence the email_verified: true in the response) but she (me!) doesn’t share her email address.

What I need in reality is a unique id which is common across my 3 different users (Google, Facebook, Auth0 user DB) that can act as the user unique id in my backend. I thought email would be it but it is now clear to me that it isn’t. Can you please confirm that this unique id that I need could be the “sub” that appears in the response, i.e.

"sub":"facebook|10227469705xxxxxx" // Facebook user
"sub":"google-oauth2|107901088572871xxxxxx" // Google user
"sub":"auth0|62d48b9369e95f64bexxxxxx" // Auth0 user

Many thanks in advance,

Eva

Yes, sub stores the unique id for the users.

1 Like

This topic was automatically closed after 10 days. New replies are no longer allowed.