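Can't get the user's email from the Facebook API?

Many websites, when implementing a membership system, build a "Log in with Facebook" feature, or pull Facebook data into the registration flow to spare users the hassle of signing up.

Developers usually assume that at least the email will be available, right?

Not so. Even when the user grants authorization, you may still not get it.

The Facebook API documentation says this about the email field: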

This person’s primary email address listed on their profile. This field will not be returned if no valid email address is available.

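So when fetching data from Facebook, do not use the email field to decide whether you received data from Facebook; use the id field. And do not use the email field directly to decide whether a user has already registered.

If you really must store an email, there is one solution: even when Facebook gives you no email, if a username is returned, store [username]@facebook.com as the email; if there is not even a username, store [id]@facebook.com.

Facebook forwards the mail it receives to the user's mailbox.
Note: the mail is not stored in the Facebook inbox; it is forwarded to the user's primary mailbox. Facebook's policy has changed.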

http://www.theverge.com/2014/2/24/5443454/facebook-retires-its-email-service

Note: in my testing, if the account has a username, mail cannot be sent to [id]@facebook.com; it fails.
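The lookup rule above (key on id, treat email as optional) together with the fallback address this post describes, as an added example that is not code from the original post. The `AccountStore` class, its method names and the profile dictionaries are hypothetical, and the store is in-memory:

```python
# Added example: hypothetical names, in-memory store, constructed inputs.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    facebook_id: str
    email: Optional[str]          # may legitimately be None
    email_is_placeholder: bool    # True when built from username/id


def fallback_address(profile: dict) -> str:
    # Workaround described in this post: use the username when there is
    # one, and the id only when no username was returned.
    local = profile.get("username") or profile["id"]
    return f"{local}@facebook.com"


class AccountStore:
    """Accounts are keyed on the Facebook id, never on the email."""

    def __init__(self):
        self._by_fb_id = {}

    def login_or_register(self, profile: dict, use_fallback: bool = False):
        fb_id = profile.get("id")
        if not fb_id:
            # A missing id is the only case treated as "no data received".
            raise ValueError("Facebook profile has no id")
        fb_id = str(fb_id)

        existing = self._by_fb_id.get(fb_id)
        if existing is not None:
            return existing, False   # already registered, email or not

        email = profile.get("email") or None
        placeholder = False
        if email is None and use_fallback:
            email = fallback_address(profile)
            placeholder = True

        account = Account(fb_id, email, placeholder)
        self._by_fb_id[fb_id] = account
        return account, True
```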

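According to reports from developers abroad, roughly 0.1% – 2% of their members are in this situation.

Everyone assumes they can at least get the email from Facebook, which has probably made this an internationally common bug.

A Facebook engineer explained it as follows: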

There are a number of circumstances in which you may think a user should have an email address returned but they will not. For privacy and security reasons it is not possible to elaborate on the precise reason any specific user’s email address will not be returned so please do not ask.

Some possible reasons:
No Email address on account
No confirmed email address on account
No verified email address on account
User entered a security checkpoint which required them to reconfirm their email address and they have not yet done so
User’s email address is unreachable

See the discussion in the following posts:

http://stackoverflow.com/questions/9347104/register-with-facebook-sometimes-doesnt-provide-email

https://developers.facebook.com/bugs/298946933534016

https://github.com/mkdynamic/omniauth-facebook/issues/61

To stress it one last time: do not assume you will always be able to get email data from Facebook.
