Ueberauth Facebook edge case

(Forgot the exact FB version number.) It seems like users can choose not to share email during OAuth login. You can read more about it here: https://github.com/mkdynamic/omniauth-facebook/issues/61.

When users choose not to share their email, Ueberauth simply fails and does not ask for permission again. And because of this, users have no way to log in.

For now, I’d like to force users to share their email. I found that we can do this by rerequesting Facebook OAuth permissions using /auth/facebook?scope=email,public_profile&auth_type=rerequest, but I’m not sure how to add this to Ueberauth.

1 Like

See this section in the README, that should clear it up for you :slight_smile:

If that doesn’t help, perhaps you could be more specific? Do you have a code example or an error message?

1 Like

Dropping by to say I love Ueberauth. It is low level but just what I needed, and it was easy to make an LDAP adapter too (which I should probably release as a plugin sometime, although it does make some assumptions about our unique setup). :slight_smile:

Hey @lukerollans, thanks for the reply. I actually got the idea of using /auth/facebook?scope=email,public_profile&auth_type=rerequest from the same source. I’ll try to be more specific using the phoenix guardian example (https://github.com/hassox/phoenix_guardian/blob/ueberauth-guardian/web/auth/user_from_auth.ex#L37).

Let’s add some basic code to check for an email.

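# Reject the registration when Facebook returned no usable email.
defp validate_auth_for_registration(auth) do
  case auth.info.email do
    # nil: the user declined the email permission
    nil -> {:error, :email_is_null}
    # empty string: treat as missing (atom renamed from :password_is_empty)
    "" -> {:error, :email_is_empty}
    _ -> :ok
  end
end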

With this example, the authentication will get an {:error, :email_is_null} when the user doesn’t give permission for their email as expected. However, if the user realizes that the application needs his/her email and decides to try again, the user will get the error message without the permission prompt. I just found that you need to remove the app from https://www.facebook.com/settings?tab=applications to try again.

------- Update -------

It seems like this will do the trick.

  {:error, :email_is_null} ->
    conn
    |> redirect(to: "/auth/facebook?scope=email&auth_type=rerequest")

:grin:

1 Like
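The redirect in the update above loops if the user keeps declining the email permission. The following is an added example, not code from the thread or from Ueberauth, that bounds the number of re-requests; the module name `EmailRerequest`, the `attempts` counter and the limit of one retry are assumptions, while the path and query parameters are the ones quoted in the thread.

```elixir
defmodule EmailRerequest do
  # Hypothetical helper, not part of Ueberauth: decides what the OAuth callback
  # should do when Facebook returns no usable email address.

  # Request path and query parameters as quoted in the thread.
  @request_path "/auth/facebook"
  # Assumption: prompt again once, then show an error instead of looping.
  @max_rerequests 1

  # `auth` is anything shaped like %{info: %{email: ...}}, which includes
  # Ueberauth's auth struct. `attempts` is the number of re-requests already
  # made for this browser session (assumed to be tracked by the caller).
  def decide(auth, attempts \\ 0) do
    case validate_email(auth) do
      {:ok, email} -> {:ok, email}
      {:error, reason} when attempts < @max_rerequests -> {:rerequest, rerequest_path(), reason}
      {:error, reason} -> {:error, reason}
    end
  end

  # nil or a missing key means the permission was declined; blank counts as absent.
  def validate_email(%{info: %{email: email}}) when is_binary(email) do
    case String.trim(email) do
      "" -> {:error, :email_is_empty}
      trimmed -> {:ok, trimmed}
    end
  end

  def validate_email(_auth), do: {:error, :email_is_null}

  # Fixed relative path: the redirect target never contains user-supplied input.
  def rerequest_path do
    query = URI.encode_query(scope: "email,public_profile", auth_type: "rerequest")
    @request_path <> "?" <> query
  end
end

# Constructed sample callbacks (not real Facebook responses).
samples = [
  {%{info: %{email: nil}}, 0},
  {%{info: %{email: "  "}}, 0},
  {%{info: %{email: nil}}, 1},
  {%{info: %{email: "user@example.com"}}, 0}
]

for {auth, attempts} <- samples do
  IO.inspect(EmailRerequest.decide(auth, attempts))
end
```

In a Phoenix controller, the `{:rerequest, path, _reason}` result maps to `redirect(conn, to: path)`, and `{:error, reason}` to an error page that explains why the email is required.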