Email permissions bug on account/verify_credentials?



Hello again!

We recently gained access to our users’ email addresses via this endpoint. We’ve got it all up and running… for the most part. We’ve found one issue - if a user has already authenticated the app with the old permissions, and for some reason need to reauthenticate the app (in this case, when a user has deleted their account on our platform and signs up for a new one), they’re shown on the auth screen that our platform will have access to their email address - but we don’t! On making a call to verify_credentials with include_email set, we don’t receive their email address. This is a bit sad.



Hi Hazel - that’s a weird one! So what you’re saying is…

  • newly auth’d users are prompted for email access, and you are able to retrieve it
  • existing auth’d users are made to reauthenticate / tokens are recycled, prompted for email access, but your app doesn’t retrieve it

Honestly I’m slightly baffled by what might be going on here. Out of interest, what client library / language are you using?


Yep, that’s my problem :slight_smile:

I’m using the tweepy library, the code’s in Python.


You already mentioned that this works for you in one case and not the other, so this is probably a redundant question - but just to double-check - you’re passing a string value of “true” into the ?include_email parameter in both cases, right?

Also, is this consistent in all cases where a re-authenticated user is queried? (i.e. can we be sure that the user does in fact have a validated email address associated with the account?)


Yep, we’ve been using ?include_email=true throughout.

I’ve been testing it with my personal account (which does have a validated email address) and have found the behaviour consistent.