是否可以检查电子邮件是否在Facebook上确认? [英] Is it possible to check if an email is confirmed on Facebook?
问题描述
更新
这是通过。很明显,我不敢相信我从Facebook获得的电子邮件地址真的属于拥有Facebook帐户的用户。
有没有其他方法知道电子邮件地址是否被验证,如果我想使用它来识别用户,我是否必须自己验证?
虽然不是最合适的方法,但您可以尝试解决方法,只需发送搜索和解析结果:
http ://www.facebook.com/search/results.php?q =<这里的电子邮件地址>
您还受到用户为自己设置的任何特定隐私设置,但代替没有其他方式...
Update
This was reported to Facebook via https://www.facebook.com/whitehat/report/ on Dec 16th 2013 and Facebook responded on Dec 17th that the bug has long since been fixed.
I have retested this with my Facebook account (that I still haven't verified the email address on) and when using the Grap API Explorer tool it is not possible to get the email address of this account using the Graph API or using a FQL query.
Conclusion: The email address you get from Facebook using the Graph API or a FQL query is a verified email. If an account hasn't verified it's email yet it's not possible to get it.
Original Post
I am making a web app with SSO that is offering the user to sign in with either Google or Facebook. I would like users who have both types of accounts to show up as the same user in my system regardless of which identity they log in with. To achieve this I'm thinking of using the email address as the identifier to know if I should create a new account or if the user already exists.
To not introduce any security problems I must know that the email address is verified and actually belongs to the user. For Google the userinfo API can tell me if an email is verified or not, so there's no problem here. But I can not find anything like this in the Facebook Graph API.
Is it possible to know if an email address is confirmed on Facebook?
I know that there is a verified field, but that only tells if the account is verified and not the email address.
At first it looked like you are only able to use the Graph API for accounts where the email address has been confirmed. If the address wasn't confirmed I just got an error telling me that I had to confirm the email address first before being able to sign in to any third party site.
However this does not seem to be true for all accounts. In some cases it's possible to get accesses to all parts of Facebook even if you don't have a confirmed email address. One example of this is when you sign up with a @myopera.com mail address.
When you sign up to Facebook with a @myopera.com email address you get a message that your account has been temporarily locked as soon as you submit the sign up form. To continue you need to provide your phone number to verify your account and to "keep Facebook safe and free from spam" (sorry for the Swedish in the screenshot, this was before I could get into Facebook and change language to English):
When you provide your phone number you are logged in and Facebook doesn't nag you any further about that you have to verify your email address.
The only place where you can see that your email address is not yet verified is on the settings page:
The Mobile Settings that is usually not accessible before you have verified your email address is available and lists the phone number entered during sign up:
In addition to this it is also possible to log in to third party sites with an unconfirmed email address:
When I connect to the graph api with this user I can get the unconfirmed email address and the verified field returns true as expected since I have verified the account by adding a phone number. So obviously I can't trust that the email address I get from Facebook really belongs to the user that has the Facebook account.
Is there any other way of knowing if the email address is verified or not or do I have to verify it myself if I want to use it for identifying the user?
While not the most optimal way to do it, you could try a workaround by just sending a search and parsing the results:
http://www.facebook.com/search/results.php?q=<email address here>
You're also subject to any particular privacy settings users have set up for themselves as far as being searchable, but in lieu of no other way ...
这篇关于是否可以检查电子邮件是否在Facebook上确认?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
