Why Facebook Login doesn’t return email?

Facebook Login has become a popular way for users to quickly sign in to websites and apps without having to create new accounts. When a user signs in with Facebook, the website or app can get access to some information from their Facebook profile, like their name, profile photo, and user ID.

What data does Facebook Login provide?

By default, Facebook Login gives apps and websites access to a user’s public Facebook profile information. This includes:

  • Name
  • Profile photo
  • Facebook user ID

Apps and websites can request additional permissions to access a user’s email address, friend list, interests, and other non-public information. The user has to approve giving access to any additional data.

Why doesn’t Facebook Login provide email addresses?

There are a few reasons why Facebook Login does not automatically give apps and websites a user’s email address:

Privacy

Email addresses are considered personal information that many users want to keep private. Requiring apps to ask for explicit permission from users gives people more control over who has access to their email address.

Security

Email addresses are commonly used for account recovery and resetting passwords. If an app or website gets hacked, any exposed email addresses could be used to compromise related accounts. Having apps explicitly request email access rather than granting it by default reduces this risk.

Encouraging app registration

Facebook wants to encourage app developers to collect a user’s email address and additional information during registration. This allows apps to establish a direct relationship with users for notifications, advertising, and other communications separate from Facebook.

How apps and websites can get a user’s email address

If an app or website needs a user’s email address, there are a couple of ways to get it through Facebook Login:

Request email permission

Apps can request the 'email' permission when users log in with Facebook. This will prompt the user to approve giving access to their email. If they approve, the app will have ongoing access to the user’s email address.

Ask for email during registration

The best practice is to prompt the user to provide an email address directly to the app or website during registration. This allows establishing a direct relationship without needing ongoing access to their Facebook email.

Here is an example registration flow:

  1. User clicks “Login with Facebook”
  2. User approves sharing public profile info like name and profile photo
  3. App registers new account with user’s Facebook ID
  4. App prompts user to provide an email address
  5. User provides email
  6. App associates email with new account

This gives the app the user’s email while allowing the user to keep their Facebook email private from the app.
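The server side of steps 3 to 6 can be sketched as follows. This is an added example, not code from Facebook or from the original page. It assumes the account is keyed on the Facebook user ID and goes one step beyond the flow above by holding the typed address as pending until a mailed one-time token is returned, so an unconfirmed address is never used for recovery. The in-memory stores, function names and sample profiles are hypothetical.

```python
import hmac
import secrets

accounts = {}  # facebook_id -> account record (stands in for a database)
pending = {}   # facebook_id -> (email, token) awaiting confirmation


def register_from_facebook(profile):
    """Step 3: create (or load) the account keyed by the Facebook user ID."""
    fb_id = profile["id"]  # stable identifier; the email may never arrive
    account = accounts.setdefault(
        fb_id, {"name": profile.get("name"), "email": None})
    # Step 4 trigger: no confirmed email yet means the app must prompt for one.
    return account, account["email"] is None


def submit_email(fb_id, email):
    """Step 5: hold the typed address as pending and issue a one-time token."""
    email = email.strip().lower()
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        raise ValueError("not an email address")
    token = secrets.token_urlsafe(32)
    pending[fb_id] = (email, token)
    return token  # mailed to the address, never returned to the browser


def confirm_email(fb_id, token):
    """Step 6: attach the email only after the mailed token comes back."""
    email, expected = pending.get(fb_id, (None, ""))
    if email is None or not hmac.compare_digest(token.encode(), expected.encode()):
        return False
    # Refuse an address already confirmed on a different account instead of
    # silently merging two identities.
    if any(a["email"] == email for k, a in accounts.items() if k != fb_id):
        return False
    accounts[fb_id]["email"] = email
    del pending[fb_id]
    return True


# Constructed profile responses containing public fields only (not real users).
PROFILE_NO_EMAIL = {"id": "1000000000000001", "name": "Alice Example"}
PROFILE_OTHER = {"id": "1000000000000002", "name": "Mallory Example"}
```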

Other alternatives to get user emails

If for some reason getting the user’s email during registration isn’t feasible, here are some other alternatives apps can consider:

Email hashes

The Facebook Graph API provides an email hash for users if the app has the 'email' permission. This allows checking if a given email matches the user’s Facebook email without exposing the actual email value.

Account linking

Apps can use account linking to tie a Facebook account to an existing account a user already has with the app or website. This allows users to sign in with Facebook while retaining their original email address.

Server-side account creation

Rather than handling registration client-side, apps can create new accounts server-side when users first log in with Facebook. This provides more flexibility to associate data like emails.

Why apps should get user emails

While Facebook Login doesn’t provide direct email access by default, there are good reasons for apps and websites to get user emails through other means:

  • Email allows password recovery in case users lose access to Facebook accounts
  • Emails enable notifications about app activity, offers, and other communications
  • Email newsletters can re-engage inactive users
  • Collecting emails builds valuable marketing lists and CRM data

Conclusions

Facebook prioritizes user privacy and security by not sharing email addresses through Facebook Login by default. Apps and websites should follow Facebook’s lead by gaining explicit user permission before accessing email addresses.

The best practice for apps is to request an email address directly from users during registration after they’ve logged in with Facebook. This allows establishing a direct relationship while still providing a quick and easy login experience.

While access to emails may seem limited, Facebook Login still offers apps the ability to instantly create accounts and identify users while putting control over data sharing in users’ hands. Overall, not providing automatic email access is in the best interest of both app developers and Facebook users.