Can't get email claim from Facebook

[VeronicaWasson]

Using beta7 packages. In my startup:

        services.Configure<FacebookAuthenticationOptions>(options =>
        {
            options.AppId = Configuration["Authentication:Facebook:AppId"];
            options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
            options.Scope.Add("email");
        });

However, inside AccountController.ExternalLoginCallback, I get back these claim types in the ExternalPrincipal:

• "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
• "urn:facebook:name"
• "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

In the Fiddler traffic, I can see that it’s calling the FB Graph API and getting:

{"name":"xxx","id":"xxxx"}

If I modify the request to ask for email and replay it, then I do get the email, so I think my scope is correct

GET https://graph.facebook.com/v2.2/me?fields=id,name,email&access_token=blah

Response:

{"id":"xxx","name":"xxxx","email":"xxx"}

[Tratcher]

Related?
#365
#366

[VeronicaWasson]

I don't think so? It's sending a well-formed request to FB:

https://graph.facebook.com/v2.2/me?access_token=blah&appsecret_proof=blah

But I don't see the middleware asking for email anywhere, and FB is just returning id and name. I'm not familiar enough with FB graph API to know if FB should be returning email by default, or if the middleware needs to ask for it specifically.

EDIT: I wonder if it's related to this SO question

[Eilon]

Need to try to repro this. It might be due to the user marking their email address as hidden data, so even if you request it, it won't be available.

[AlexTo]

Yes I have the same issue, can't get email from Facebook if I just add

services.Configure<FacebookAuthenticationOptions>(options =>
        {
            options.AppId = Configuration["Authentication:Facebook:AppId"];
            options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
            options.Scope.Add("email");
        });

I could see that Facebook asks me for permission to provide email to the webapp but I just don't have the claim in info.ExternalPrincipal

[hajjat]

Hi, I'm hitting the same issue. Were you guys able to find any workarounds? Thanks!

[Netizine]

@hajjat @AlexTo @MikeWasson I got it to work in beta8 by changing the configuration to

app.UseFacebookAuthentication(options =>
            {
                options.AppId = "xxx";
                options.AppSecret = "yyyyy";
                options.Scope.Add("email");
                options.BackchannelHttpHandler = new HttpClientHandler();
                options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email";
            });

[chris02031]

@Jayman1305 Thanks for posting your solution, works a treat.

[dotnetshadow]

@Jayman1305, I can't seem to get first_name, last_name, user_birthday using the same technique in beta8

[chris02031]

@dotnetshadow

First and last name come in as a single, combined field... it's just called 'name' if I remember - check the returned claim object. It's already there.

You only get an age range by default. You've gone through the review process with Facebook to have your app specifically granted access to request birthdays right? (even this may not include year).

[Netizine]

@dotnetshadow You won't get birthday without additional authorisation. Test out the data you want in the graph explorer to see what you can get. https://developers.facebook.com/tools/explorer/
If it try it on my apps for the field, i get the oauth exception below. This is if i try access me?fields=id,name,user_birthday. Always try check in GraphExplorer first to see permissions.

{
  "error": {
    "message": "(#100) Tried accessing nonexisting field (user_birthday) on node type (User)",
    "type": "OAuthException",
    "code": 100,
    "fbtrace_id": "H+EvezAKOau"
  }
}

[dotnetshadow]

@chris02031 @Jayman1305 The only way I've been able to get these fields is by using the Facebook SDK nuget package and passing the access token then I can read the fields. The only issue with this is that it's not supported in dnx core 5

options.Scope.Add("public_profile");
options.Scope.Add("user_birthday");
options.Scope.Add("email");
options.SaveTokensAsClaims = true;
options.BackchannelHttpHandler = new FacebookBackChannelHandler();
options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email";    

Controller:

var access_token = info.ExternalPrincipal.FindFirstValue("access_token");
var fb = new FacebookClient(access_token);
 uBirthDate = fb.Get("/me?fields=birthday");

[chris02031]

Looks like you've got the .Scope additions, but you've missed extending the UserInformationEndPoint.
Does this make a difference?

options.UserInformationEndpoint = "https://graph.facebook.com/v2.5/me?fields=id,name,email,birthday";

[dotnetshadow]

@chris02031 Thanks for replying, what I mean is when I use the Facebook Client, I don't even have to add birthday to the userinformationendpoint because I'm able to grab it through the Facebook Client. I want to eliminate the Facebook client nuget package and just try reading the fields first_name, last_name or birthday, I haven't found a way of doing this yet.

[Tratcher]

https://developers.facebook.com/docs/apps/changelog

Upgrading from v2.3 to v2.4
Graph API
Changing the way fields are retrieved
In the past, responses from Graph API calls returned a set of default fields. In order to reduce payload size and improve latency on mobile networks we have reduced the number of default fields returned for most Graph API calls. In v2.4 you will need to declaratively list the response fields for your calls.

[gdoron]

@Tratcher
Hi Chris, I'm posting here after a day or two of searching the web and Stack Overflow for solution for this one. 😢

(We are using RC1-final, and can't upgrade to RC2 until there will be VS tooling support for RC2)

I'm using the same code suggested earlier by @Jayman1305 to get the first_name, last_name, email and significant_other of the user:

app.UseFacebookAuthentication(options =>
            {
                options.AppId = Configuration["Authentication:Facebook:AppId"];
                options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
                options.Scope.Add("email");
                options.Scope.Add("user_relationships");
                options.BackchannelHttpHandler = new HttpClientHandler();
                options.UserInformationEndpoint = 
                    "https://graph.facebook.com/v2.5/me?fields=id,email,first_name,last_name,significant_other";

This solution indeed returns the email of the user, but fails with first_name,last_name and significant_other (and any other field I tried besides name, id and email).

Also, is it possible getting the FB access token? We might need it for future querying of other edges.

I need a way, even if not the cleanest, to get this information on RC1.

Many thanks.

[dotnetshadow]

I agree it would be great to just see a very simple example of using the facebook stuff in asp.net core where you can define x number of fields, i.e. last_name, first_name, birthday options.Scope.Add("last_name") and just see the results come back without using any other nuget packages.

[gdoron]

@dotnetshadow Great answer was given on stackoverflow

[dotnetshadow]

@gdorn thank you so much I didn't see that before. I saw a comment that said:

In RC2, custom code won't be necessary, as the first name/last name are now included by default: #688.

Will this will across all fields or only specific ones? Say birhtday? gender? etc

[gdoron]

@dotnetshadow from reading the conversation on the pull request, it's clear it's only for first+last names.
All others will still need manual configuration (by design).

[dotnetshadow]

@gdoron Ahh ok and by manual configuration you mean
options.Scope.Add("gender")
or
Fields.Add("gender")

I haven't kept up with how it's changed from RC1