0

My existing app uses Python Social Auth to allow account creation via Facebook, in addition to creating a custom account. I now want to add the ability to collect the user's email address by adding SOCIAL_AUTH_FACEBOOK_SCOPE = ['email'] to my settings file.

But how does this affect existing accounts? If someone has already logged-in with Facebook (meaning they already have an account with my app) when I didn't ask to access their email, what happens now that they come back to the app? Will I be able to get their email?

steph
  • 701
  • 2
  • 10
  • 30
  • 1
    You need to send them through the login flow again, only then will they be asked for the new additional permission. (But probably that is happening already anyway, because server-side apps can only detect if a user is logged in by sending them to the login dialog – if they are logged in and no additional permissions are asked, it’ll redirect right back; otherwise, it’ll ask the user to login/for the additional permissions.) – CBroe Jun 26 '15 at 20:09
  • thank you @CBroe that's what I was hoping would happen but wasn't sure if either it would 'break' existing accounts or if I would need to configure something else – steph Jun 26 '15 at 20:18

1 Answers1

0

@CBroe answered my question: You need to send them through the login flow again, only then will they be asked for the new additional permission. (But probably that is happening already anyway, because server-side apps can only detect if a user is logged in by sending them to the login dialog – if they are logged in and no additional permissions are asked, it’ll redirect right back; otherwise, it’ll ask the user to login/for the additional permissions.)

steph
  • 701
  • 2
  • 10
  • 30