Email permissions bug on account/verify_credentials?

_hazelsarah · 2016-03-29T15:14:53.043Z

Hello again!

We recently gained access to our users’ email addresses via this endpoint. We’ve got it all up and running… for the most part. We’ve found one issue - if a user has already authenticated the app with the old permissions, and for some reason need to reauthenticate the app (in this case, when a user has deleted their account on our platform and signs up for a new one), they’re shown on the auth screen that our platform will have access to their email address - but we don’t! On making a call to verify_credentials with include_email set, we don’t receive their email address. This is a bit sad.

Thanks,
Hazel

andypiper · 2016-03-29T16:13:47.362Z

Hi Hazel - that’s a weird one! So what you’re saying is…

newly auth’d users are prompted for email access, and you are able to retrieve it
existing auth’d users are made to reauthenticate / tokens are recycled, prompted for email access, but your app doesn’t retrieve it

Honestly I’m slightly baffled by what might be going on here. Out of interest, what client library / language are you using?

_hazelsarah · 2016-03-29T17:15:52.036Z

Yep, that’s my problem

I’m using the tweepy library, the code’s in Python.

andypiper · 2016-03-29T17:44:10.169Z

You already mentioned that this works for you in one case and not the other, so this is probably a redundant question - but just to double-check - you’re passing a string value of “true” into the ?include_email parameter in both cases, right?

Also, is this consistent in all cases where a re-authenticated user is queried? (i.e. can we be sure that the user does in fact have a validated email address associated with the account?)

_hazelsarah · 2016-03-30T09:08:15.806Z

Yep, we’ve been using ?include_email=true throughout.

I’ve been testing it with my personal account (which does have a validated email address) and have found the behaviour consistent.