0

There's no clear information about this, neither at Twitter developer portal either.

How to obtain user's email via Twitter API OAuth v1 or v2? Is it possible at all nowadays?

Assume that a user has been authenticated with a proper "scope" permission

tutushka
  • 27
  • 6

1 Answers1

1

This is possible in Twitter API v1.1 and OAuth 1.0A, if:

  • the app has "request user email address" permissions in the developer portal for OAuth 1.0A, with the account access token granted after that was set (i.e. they saw "app can request your email address" in the list when authenticating), and...
  • the app calls /1.1/account/verify_credentials.json with the include_email=true parameter set

This is not currently possible in Twitter API v2 with OAuth 2.0 but this is actively being worked on (and would be added via Open ID Connect in the future release when it is ready).

Andy Piper
  • 11,422
  • 2
  • 26
  • 49
  • how to do it in v1.1 and OAuth 1.0A? by calling `/1.1/account/verify_credentials.json`? – tutushka Nov 01 '22 at 14:44
  • Yes, that's correct. Call `/1.1/account/verify_credentials.json?include_email=true` with the OAuth access token and secret for the authenticated user, and the returned User object should include the email address. – Andy Piper Nov 01 '22 at 23:04
  • Have you tried it yourself? Has it returned an email on practise? I remember that I'd read about this end-point too – tutushka Nov 02 '22 at 01:08
  • Yes, I’ve tried it myself, I wrote the documentation for this feature. – Andy Piper Nov 02 '22 at 05:54
  • I've remembered: I've tried to use the end-point when I was trying other things. And this is an issue I've had: ```{'errors': [{'message': 'You currently have Essential access which includes access to Twitter API v2 endpoints only. If you need access to this endpoint, you’ll need to apply for Elevated access via the Developer Portal. You can learn more here: https://developer.twitter.com/en/docs/twitter-api/getting-started/about-twitter-api#v2-access-leve', 'code': 453}]}``` – tutushka Nov 02 '22 at 12:52
  • But obtaining `Elevated Access` will take time, require additional information provided and in the end may still be denied. It's neither immediate, nor smooth process. Right? But my application is in the testing phrase still – tutushka Nov 02 '22 at 12:53
  • I can open a new question here if you'd like – tutushka Nov 02 '22 at 12:54
  • The answer I provided is unchanged. The way to retrieve an email address for an authenticated user is via OAuth 1.0A (and yes, that does require elevated access). When the OIDC feature is available on Twitter's OAuth 2.0 implementation, this answer will change, but for now, this is the only way to do it. – Andy Piper Nov 02 '22 at 13:35
  • What is the other question? – Andy Piper Nov 06 '22 at 13:02
  • What are you refering to? – tutushka Nov 06 '22 at 15:53
  • @AndyPiper Can you hit the `/1.1/account/verify_credentials.json?include_email=true` endpoint with the oauth access token you received from `https://api.twitter.com/2/oauth2/token` or do you have to go though the 3 step verification process for the oauth 1.0a protocol to hit this endpoint? – Steve K Jul 17 '23 at 01:43