Not able to get email in Twitter OAuth response

[Aleem Bawany]

Facebook, Google and GitHub OAuth responses all include the email addresses via:

    {scope: 'email'}

Twitter has historically never included email address in its OAuth response but this changed sometime around April and now it is possible to get this via Twitter OAuth. This can be enabled on all Twitter apps by explicitly asking Twitter to do so, as outlined here:

https://twittercommunity.com/t/how-to-get-email-from-twitter-user-using-oauthtokens/558/187

However, Firebase does not seem to show the email address. I suspect this might be due to a scope bug or similar. Can anyone else verify this or provide some kind of timeframe for resolution?

Regards,

Aleem

[Kato Richardson]

Hi Aleem,

As mentioned in support, this is a new addition from Twitter and hasn't been added to the Firebase offering yet. It's on the feature request list.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/a4cfb53c-c56c-4ee7-94e6-bdd42bd52f8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jernej Pirc]

any news on this problem?

Where I can find firebase feature request list ?

Dne torek, 06. oktober 2015 11.25.07 UTC+2 je oseba Aleem Bawany napisala:

[Aleem Bawany]

Any update on this Kato?

It's frustrating that an authentication API like Firebase's has been sitting on this issue for a year. Post Google acquisition, it seems everything just went belly up. Last we corresponded over email you had mentioned the issue was opened and would be completed momentarily. Support for email scope is already present in Firebase's Facebook auth -- you could probably code this up up and the test cases, both within an hour or two.

Aleem

[Kato Richardson]

Hi Aleem,

After last week's announcements, the idea that we haven't done anything to improve the product--i.e. went belly up--is a bit absurd. Let's keep things realistic here.

I do hear your frustration. This hasn't been lost or forgotten. I'll ping the amazing folks in charge of auth enhancements and make sure they hear this.

Really appreciate the feedback!

Kato

--

You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/cd22ad30-727e-4a0f-8f03-d0396c60dff4%40googlegroups.com.

[Michael Bleigh]

Hey folks -- Twitter's API *does not provide email* during oauth sign in. So unfortunately, unless Twitter changes their integration policies, this is simply impossible.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CADypTEa%2BiFfO947Rgfe57%2B8kqf7zmTfb9kSn32X4Ji3mEo%2Bv6w%40mail.gmail.com.

[Michael Bleigh]

Oops missed the part of the thread where this is now possible. My bad! If that's the case we should look into it for sure 😃

[Kato Richardson]

Hi Aleem,

As promised, I had a chat with the Auth team. They agreed that this looks like low hanging fruit and are going to work it into the road map! (As always, no ballparks or public release dates I can share. Sorry.) Thanks again for reaching out.

I hope that helps!

☼, Kato

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Romel G]

Hi, this behaviour is currently extended to Github to, with the last API?.  

I added the scope flag to get the email of Github, but the firebase.User comes with not email defined. And also is not registered in the authentication console. I suppose that the registered email is used to check that the User maintains one account per email address.

https://gist.github.com/romelgomez/90e01be975c8ed6f082734b45308f962#file-login-js-L235

Best regards.

[Aleem B]

GH worked for me last I checked over a year ago but don't hold your breath. The developers have gone in post-acquisition coma and been sitting on basic UX issues for almost 2 years now (forgot pass email is not available, password reset with emails with plus signs is broken, twitter oauth scope doesn't exist despite every other library taking it on board). If what you say regarding GH is true, then Google has managed to systematically devolve the company. What a shame!

Aleem

--
You received this message because you are subscribed to a topic in the Google Groups "Firebase Google Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebase-talk/k_TS3SLVVRM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/c8dcfda8-111c-4b19-9d21-763d532d3f73%40googlegroups.com.

[Jacob Wenger]

@Romel - The fact that the GitHub payload does not contain the user's email even if the user:email scope is provided is a bug on our end. For some reason, GitHub does not include the GitHub user's email(s) in the standard OAuth flow and we had a regression in the 3.x.x SDK which no longer fetched it. We are working on a fix on our backend and I will let you know when it is fixed. Things should just start working once it is fixed on our end and you shouldn't have to change any of your code.

In the meantime, you can actually fetch the email data yourself using the list user emails endpoint of the GitHub API. Your request would look like GET https://api.github.com/user/emails?access_token=<GITHUB_ACCESS_TOKEN_FROM_FIREBASE_AUTH>.

@Aleem - Thanks again for your feedback and apologies if you are getting frustrated. Our auth stack for the 3.x.x SDKs is almost entirely new and has fixed many longstanding issues. I am not sure what you mean by forgot password being unavailable. We have had password reset emails for a long time now. And I'm not aware of any issues with them being broken for emails with + signs in them. Please start a new thread or link me to an old one with details about that issue. Finally, the Twitter OAuth scope is now a part of our 3.x.x SDK. Have you tried adding this particular scope on the new 3.x.x SDKs? We are still waiting for our Twitter app to get whitelisted for getting email addresses, but we think it should work. We will post back here in a few days (or whenever our app gets approved) and let you know if it works. In the meantime, give the 3.x.x SDK a try and let us know if you are still having any of these issues.

--

You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CA%2B%3DUhp_z_GiTD%3DD87zem32DsjE6YqVc0dmQQidUaEJPx9ZgbVQ%40mail.gmail.com.

[Jacob Wenger]

@Aleem - I've got some good news! Our internal Twitter app was finally approved to provide emails. We can confirm that if you provide the email scope when signing in with Twitter, the email will be populated in the top level email field of currentUser as well as the email field in the Twitter provider's data. So, I think it's safe to say that this feature is now fully available in the new 3.x.x SDKs. Happy coding!

@Romel - We are still working to resolve the GitHub email not showing up, which, as I said, is a bug on our end. Continue to use the workaround I suggested until we get it fixed.

[Romel G]

Hi, @Jacob, That is great news!   

As soon I read this answer, I start testing, and find that the twitter email is not saved in the console and the firebase.User don’t have the email to, (is null), also the TwitterAuthProvider don’t have the method addScope as the rest of the providers, I get undefined when I try used:

https://github.com/romelgomez/angular-firebase-login-example/blob/master/public/static/assets/scripts/login.js#L315

As you can see I just made a git repo that is an Angular + Firebase 3.X Login Example, to test all the scenarios possible that can happen, if you need to change the licence to use the code, feel free to tell me, I will happy to change that, I noob in that topic.

​

Best regards. And thank you for taking your time to solve the problem.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CAGcMwsBUO1unzsLcCX9fqLNn8Uo75MciWTrO0XJ8FCUzP_kp0A%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Prof. Romel Gomez

@romelgomez07

[Aleem B]

Hi Jacob,

There was an issue which I ran into and Kato had acknowledged over a year ago. If the email was foo+bar@gmail and the user clicked forgot pass, the link in the forgot pass was not clickable because you weren't URL encoding the email address. Not sure if it still exists, I moved away from Firebase.

What's frustrating is not only the time you take to resolve these basic issues (1 year turnaround, seriously?) but fact that these issues get reported, logged and responded to with a cookie-cutter we-are-working-on-it.

If you dog food your product or build any kind of site with auth you'll realize right away that users don't remember whether they authorized via github or Facebook. The email being a common denominator can fix this. Either way, if you can't get email sorted for 2 out of 3 services (GH, Twitter), what claim do you have to be any kind of reasonable SaaS for auth?

Aleem

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/CAGcMwsDcvdF37W4ZOyVENurFymOGC-WR7rVeN7z4RFcY_g7M_A%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
Aleem

[Bassam]

Hey Romel, you have to whitelist your Twitter application to disclose email addresses. 

https://support.twitter.com/forms/platform

After Twitter oks the request, you should go to you app settings and select the option to add the email scope. This is done only via the twitter app settings and not on the client side like OAuth2 providers.

[Jacob Wenger]

@Aleem - Sorry for the poor experience you had and that you moved away from Firebase. Thanks for the valuable feedback. We try not to over-promise as priorities change and unexpected things sometimes occur. Auth was particular in flux over the past year as can be seen by all the changes and new features that come in as part of I/O. Sorry that we weren't able to add this feature in a time frame that worked with your app and apologies for over-promising on getting a fix in. I hope you reconsider using Firebase in your next project.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/b51c2524-eb85-4491-acb3-988b4ac0f344%40googlegroups.com.

[Romel G]

Hi @Basssam, That worked!

Best regards. And thanks you for taking your time.

Firebase team are the best! Big Thanks.

​

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/b51c2524-eb85-4491-acb3-988b4ac0f344%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Bassam]

You're welcome!

[Calvin Pacheco]

Hi @Bassam,

I've done all your steps,but I still not getting the email.

Here is my twitter app settings. As you see, I've enabled "Request email addresses from users". What should I do?

[Bassam]

Hey Calvin, make sure you save these settings. This should be enough to get it to work. Try to delete the Firebase user and then sign in again with twitter. The email in providerData for twitter should be populate as well as the user.email field.

[Calvin Pacheco]

Hi!

I've never checked the email in providerData. Now I'm getting it by providerData, but my user.email and email.Verified still null and false. After update settings in my twitter apps page, I also deleted all twitter users from Firebase Console and also tried to renew my token, however after logged in my FirebaseWebApp the twitter user account still with "-". How do I will fill this accounts?

[Bassam]

Hey Calvin, are you using "Multiple accounts per email address" in your project settings ("Authentication" section -> "Sign In Method" tab)?

If so, the top level email will always be null in that case and the email may be populated in the provider data only. 

You could switch to the recommended "One account per mail address" to get the expected behavior but keep in mind in this case multiple providers with the same email will be required to be linked.

email.verified will be only be true for Google providers or accounts that have gone through the email verification process.

[Calvin Pacheco]

You were right Bassam, I was using Multiple acconts per email address, now all twitter accounts show their emails. I'm really appreciated for your help. thanks Bassam.

--

You received this message because you are subscribed to a topic in the Google Groups "Firebase Google Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebase-talk/k_TS3SLVVRM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/13095019-6e33-4d74-8f26-d44ff39d34a7%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Calvin Pacheco Developer +555184935716 | pac...@calvinpacheco.com | www.calvinpacheco.com

[Bassam]

You're welcome, Calvin. Glad I could help.