/account/verify_credentials not returning email address for certain users


#1

We have an application that has been running in production for several months that logs users in and then attempts to pull their email address via a call to /account/verify_credentials. Our application is whitelisted and all options are configured properly in the app’s settings.

For most users, this call returns their email address as it should and everything is OK. For other users, /account/verify_credentials does not return the email field; it is missing completely from the data returned by the API as if the application wasn’t whitelisted or set up correctly, which we know is not the case as other users work.

It seems like this issue began occurring sometime last week (Wednesday or Thursday) as that is when some of our automated tests began failing (the test user’s email disappeared from the API data; it had previously worked for months). In attempting to debug the issue, developers from our team tried running through the flow and it worked correctly for them (/account/verify_credentials returned their email addresses as it should).

Question: has anything with the API changed recently that could cause the email field to not appear for certain users? Is there any way to debug users that fail to determine why they fail? Has anything changed with account settings or anything like that which would prevent the API from returning the user’s email?

Thanks!
//A


#2

I’m looking at similar problems (although our twitter login isn’t in production yet). Something you might want to check is whether the users that don’t return the email field are users that didn’t log in with twitter before. When you Revoke Access (Settings > Apps) and try to login, do you receive an email address?

While testing this, it seems that account that had been logged in once, already granted access to their email. But accounts that are logging in without previously granted access don’t get this permission (even though it’s stated in Twitters Sign in form) and aren’t returning their emails when requesting it through /account/verify_credentials.

Let me know what you find.


#3

That appears to be the case: the user’s email address isn’t returned if they haven’t already authorized the application (or stops appearing if they revoke access and attempt to log in again). I just revoked app access to my account and attempted to log in, and got back no email address; this account previously worked before I revoked access to the application.

The automated test that began failing revokes access to the app after test runs, so that would trigger the issue there and seems to make sense. It had done the same thing without fail for months, so it seems very unlikely that we’re doing something wrong.

The issue appeared to start happening during the middle of last week (June 24 or 25), so I wonder if they pushed an update that changed its behavior?

@andypiper: Any ideas what could be happening?


#4

Thanks for the heads-up and the detail. Under investigation.


#5

Hey @andypiper and @JibstaMan:

I just tested this again this morning and it appears to be back to normal. Our old automated test passes as well. If the Twitter elves fixed something behind the scenes, thanks!