Kebin Maharjan - 187 - Jan 25, 2015

Hi there,
I’m currently using facebook provider and running into a major issue where users can deny to share their email address(facebook permission screen). UserAuth gets created with Email address. Is there a way to make this a requirement? i.e UserAuth is not created if users don’t agree to give us the email address. 

For the users that are already in our system(without email), how would you suggest that next login will retrieve the email address?


There is a custom validation filter you can use to add your own custom pre-auth validation, e.g:

You should be able to just delete the Facebook entry from the UserAuthDetails table for that user which will run the validation logic the next time they sign-in.

Kebin Maharjan:


Kebin Maharjan:

For the second part :
- deleting user auth details  to re-run the validation logic doesn’t work quite intended. Validation works but Facebook won’t ask/show login dialog to users again. User has no way to agree to share email unless they manually go to account settings etc. But looks like we can send auth_type: ‘rerequest’ for email?

hmm not sure, looks like FB records the permission was denied for your App and doesn’t re-ask the user again. Not sure if this is possible within an OAuth call as the only configuration available is with requested scopes:

You might need to do this with FB’s JS API. 

Kebin Maharjan:

According to the FB’s doc below, adding a parameter auth_type=rerequest on an OAuth call will re-ask the user for the permissions that was denied.

The only way to change this was to subclass the AuthProvider and override the Authenticate() method to customize the urls used.

I’ve also just added url filters for each AuthProvider in this commit:

So you can provide a custom url filter to customize the different redirects urls used at registration with:

new FacebookAuthProvider {
    PreAuthUrlFilter = (authProvider, url) => url

Here you can return a diffrent url for ServiceStack to use instead.

Kebin Maharjan:

Awesome. Thanks a lot :slight_smile:

Kebin Maharjan:

So with this change, can we also remove or check to append ‘?’, if not already in the PreAuthUrlFilter for the query parameters? Otherwise we will have multiple '?'s on the url.

Can you link to a line number of what you mean? The whole url should be customizable in the filter.

Kebin Maharjan:

Nevermind, I was looking at PreAuthUrl instead of PreAuthUrlFilter. Thanks a lot!