We agree that email addresses should be available via the API. Of course, as a user - just granting access to arbitrary applications should not reveal my email address. However, OAuth 2 has the notion of scope, and we think that there should be a new scope to reveal email addresses. This is how things work at Facebook, and it appears to be the best of both worlds - users are in control of their data, and developers have access to the information they need.
It would be very nice to receive a users email address upon login. Currently, the user has to signup for an account on my site then has to re-enter their login info. Not the best UX…
I would switch to another provider but my app is a Twitter app.
still retarded that they don’t provide the email… common sense is more valuable than specs for the real world
Ha, oldie but goodie. I just did the same thing. FML.
So I just wasted 20 mins of my life… Seriously…
Authorization Protocol: Oauth1
Includes Email: False
And this is 2014…
So I like that Twitter is caring for privacy and doesn’t offer the email address. Even if it would be on a permission base, than too many apps would request that permission (so that I can’t use them)
There’s a heck of a lot of Apps you can’t use because people won’t implement Twitter login until they provide an email address…
Seriously? This is still in this state?
Does Twitter genuinely not understand how developers wish to use these forms of third party authentication? I can’t put it any better than many previous posters, but this auth api is completely useless without the ability to request an email address. Sure you can work around it, but there’s no point, if I have to ask for and validate a users email address then Twitter auth saves the user no effort whatsoever, it is literally useless.
I join the hundreds/thousands of other developers not using twitter auth until you sort this out.
Creating a new application. Read this thread. Conclusion: not adding twitter as an Identity Provider.
I’ll simply have Facebook, Google+ and LinkedIn as Identity Providers for my app. Twitter API sucks big time.
Surely its not only to authorise a user but to also access data? how can I contact a user who as used twitter to login to my website? unless they actually login I will be unable to message without asking for their email, API;s are not JUST about authentication, they are about saving tome when registering and logging in.
I see by the timestamps on each of the comments that I’m coming to this thread a little late. I’ve just finished implementing authentication for both Google+ and Facebook, and yes, just like the comments mention, both of those platforms provide email if you ask for permission for the email via scopes. This is why I’m a little surprised that you can’t collect it via the Twitter API. So given the fact this is what I have to work with (and yes, I know it sucks), this is how I’m going to address this…
When the user logs in to Twitter through my app for the very first time, I’m going to collect their email address via a form (yes, ideally we would never have to do this, and yes, this is different than the other platforms I’ve already implemented) and then store it in a database with their Twitter User ID. When they authenticate correctly moving forward, I will check my database to see if I already have the associated Twitter User ID. If I have the associated Twitter User ID, then I will also have their email (by design). And in the future, I can communicate to them as necessary via email.
I figure the above implementation I’m performing is similar to how most will overcome this issue, but it seemed with this topic and other related topics that I couldn’t find anyone mentioning their workaround.
Twitter API team - why are you making our life so hard?? OK, i guess you did a good job on implementing the easy sign-in, but all the rest just sucks!
Why do I need to write a lot of code, just to get the user’s access token&secret ??
Why should I ask the user’s email manually if the twitter system already have it ??
You should make your home work, you’re the only API that make the whole thing complicated and messy, and for no good reason.
It seems to me that the Twitter API Team with their “3 step permissions model” tied their own hands in terms on implementing a solution like this.
However that they fail to recognize this and say “just ask for it” - is kinda pissing people off…
But since apparently this is absolutely impossible to achieve we have decided to completely remove the “Sign in with twitter” functionality and instead turned it in to a “Connect with twitter” for already authenticated users. In case other are wondering what options they have.
Is there anyway of storing the account details of a user onto my website
Do not get the email is ridiculous, I do not want just the logged in user but the essential data [Name, Surname and EMAIL] that is the minimum to provide the user should rethink this API, just implement and at the end of a disappointment not get the user’s email, oh this is too ridiculous! And make two years since the first issue, are closing their ears to anyone who actually uses the API.
Hi there Twitter developers,
We are integrating Social Login with Oracle Authentication products. Google and Facebook integration has been achieved and they are perfectly working, however when trying to integrate Twitter we are facing this unbelievable restriction regarding email callback.
I would like to let you know that this limitation prevents us from integrating this tool with Oracle and I would encourage you to reconsider that position of yours, because it makes Twitter login way less attractive to application developers.
Regards
Javier
Don’t mean to stir the pot but I just signed up for Tidal with Twitter and they got my e-mail address - apparently other services can too, this is just an example I have.
There must be a way…
You need to validate ID for twitter, in other words you need to have another column specific for twitter and store the profileid. Same treatment as how you store the email address. That is my work around for this kind of scenario
Hi everyone on this thread - we now provide email addresses to whitelisted apps - see details in the account/verify_credentials documentation.