Handle denied email

Created on 24 March 2021, over 3 years ago
Updated 28 October 2023, about 1 year ago

Problem/Motivation

If the user denies the email permission, authentication then fails with the "This site requires permission to get your email address."

However, if you try again, you do not get to set your preferences the next time round but instead come straight back to the same page.

Steps to reproduce

  1. Authenticate via facebook, but do not allow email permission in the facebook dialog
  2. Suffer - the only current resolution is for the user to remove the app from buried deep in their facebook settings

Proposed resolution

Store the fact that we don't have their email permission in the session, and if they attempt to re-use facebook, pass the auth_type=rerequest parameter along with the redirect (see docs) so the user gets presented the option again.

Remaining tasks

Implement it

User interface changes

None

API changes

I don't believe any

Data model changes

Possibly storing some session data

✨ Feature request
Status

Needs work

Version

4.0

Component

Code

Created by

πŸ‡¬πŸ‡§United Kingdom andrewbelcher

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡ΈUnited States wells Seattle, WA
  • πŸ‡¦πŸ‡ΊAustralia 2pha

    I stumbled here as I am trying to upgrade/migrate a D7 site I made many moons ago which has facebook connect as the only option to login.
    It seems back in the day I wrote my own action for the D7 only fboauth module that would set the user email to {facebook_ID}@facebook.com if the email was not authorised.
    Site has been running for over 10 years without a hitch... so just thought I would suggest it.

Production build 0.71.5 2024