2

In my app, I need an email for every user. Facebook inconveniently for me does not provide it as a part of public profile. So I ask for permission:

SOCIAL_AUTH_FACEBOOK_SCOPE = ['email', 'public_profile']
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {
    'fields': 'id,name,email', 
}

Now, user has the option to not grant the email permission. I want to make registration impossible without granting this permission. How do I do it?

Zygro
  • 6,849
  • 11
  • 28
  • 43

1 Answers1

2

You need to add function to the authentication pipeline that enforces the email requirement or raises AuthForbidden instead. Here's an example:

from social_core.exceptions import AuthForbidden


def email_required(backend, details, user=None, *args, **kwargs):
    if details.get('email') or user and user.email:
        return
    else:
        raise AuthForbidden(backend)

You need to put that function before the user or social relation is created, so after social_uid should be fine.

omab
  • 3,721
  • 19
  • 23
  • Thanks, I figured it out myself after all, however I forgot to check if I already have email. You spared me a future headache. To anyone reading this later, one problem I encountered was that any exception in the pipeline results in a `ValueError`, so catch that and not particular exceptions. This will hopefully save you some time. – Zygro Apr 10 '18 at 11:37