Currently I am creating website that allow user login by their facebook. and the website require their email.
the problem is how to facebook authorization with require their email.
but when the user doesn't give their email permission, how to cancel the authorization process.
I know facebook docs tell me, that facebook was not guarantee we grab the user email. but how to cancel when the user does not allow their email in permission list
https://developers.facebook.com/docs/facebook-login/permissions/v2.3
email
Provides access to the person's primary email address via the email
property on the user object.
Do not spam users. Your use of email must comply with both Facebook
policies and with the CAN-SPAM Act.
Note, even if you request the email permission it is not guaranteed
you will get an email address. For example, if someone signed up for
Facebook with a phone number instead of an email address, the email
field may be empty.
Review Your app may use this permission without review from Facebook.
when user disable their email permissions picture :
[SOLVED]
I can using user revoking permissions.
see here :
Using Laravel Socialite to Manage User socials setting (like pinterest at user settings page)
Related
Is there a way I can request twitter user email address, avartarURL using codebird.php
Currently, I only get the screen name.
What I am doing is:
$reply = $this->client->oauth_requestToken(array('oauth_callback' => $this->clientCallback));
The tutorial I am currently following:
PartFour This will give you a sense of what is going on from the first 5 min.
You can request a user’s email address by calling the account/verify_credentials Twitter API method, setting the optional include_email parameter to 1:
$reply = $cb->account_verifyCredentials([
'include_email' => 1
]);
print_r($reply);
This will only work for Twitter apps that have the option to request email addresses from users enabled.
The “Request email addresses from users” checkbox is available under the app permissions on developer.twitter.com. Privacy Policy URL and Terms of Service URL fields must be completed in the app settings in order for email address access to function. If enabled, users will be informed via the oauth/authorize dialog that your app can access their email address.
Please note - Your app will need to regenerate the user access tokens for previously authenticated users to access their email address.
Please note - You can view and edit your existing Twitter apps via the Twitter app dashboard if you are logged into your Twitter account on developer.twitter.com.
Does anyone know how to set the "Email Address" as mandatory when a user logins in via Facebook using Socialite (if it is possible)?
At the moment my integration allows the user to remove the Email Address from the data that will be shared by Facebook on the Facebook side.
While we don't currently use the email address to contact the user, we do use it for matching accounts together if they login via different methods. This makes the site easier for the user overall.
If this is not possible then in the long run I may need to revoke the users access if they don't share the email address in order to avoid data issues. However I will hopefully be able to avoid this.
Any help is appreciated.
Thanks,
Cs1h
You can't explicitly require it, it's up to the user to share it or not when authorizing so you need to build your application to support this.
In my opinion if they don't choose to share the email then you should detect this and have a page that asks them to enter it manually and send them an activation link to confirm their account before linking.
I'm using the hoauth extension for user authentication and I want to make an optional account merge, where if a user logs in with a facebook account and a google+ account that have the same email they get asked to optionally merge those two accounts.
Currently when I try and login with a google+ account with an email that is already bound to a facebook account I get the following message:
This E-mail address is taken by another user. If this is your account, enter password in field below or change E-mail address and leave password blank.
I want to remove this and add the optional merge and after merge they should be logged in, or if they chose not to merge the accounts I want to still allow them to login with that provider instead of showing this message.
I fount the piece of code that handles this, but what would be an effective way to achieve my goal.
/extensions/hoauth/models/HUserInfoForm.php is the location of validateUser() which handles the check.
I'm open to any and all suggestions, thank you.
I am planning to allow users to login to my website using oAuth authentication. I have a doubt whether I can completly rely on the email returned from the response to link the users to actual user account in my website. Can there be any security issue with this?
The most immediate, is that you must absolutely trust the oAuth provider. It might lie to you and take over your local user account.
For example, if the oAuth provider does not validate the user email, someone might register an account there with someone else's email, then login to your site taking over the local user account.
Also make absolutely sure you're using SSL.
I have 2 types of users in my system , lets say its A and B. A has an account with docusign and sends a document through email to B. B (who does not have an account on docusign) signs it using docusign. Now for making the api call (https://demo.docusign.net/restapi/v2/login_information), i need to specify the integrator key, email and password.
My question is how will i check whether a user has an docusign account or not and if he/she has an account, should i store the credentials of that user in the db or is there any way by which i can create a new docusign user automatically during the registration process?
Edit : i am using rest api with php
With DocuSign you only need an account to SEND documents, signing documents is always free and you do not need an account to sign.